Show HN: Nosey Parker, a fast and low-noise secrets detector for textual data

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • noseyparker

    Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

  • Yes and no.

    On the one hand, Nosey Parker is effectively a special-purpose `grep` with a bunch of security-relevant patterns built-in, including one for PEM-encoded keys: <https://github.com/praetorian-inc/noseyparker/blob/main/data...>

    On the other hand, to naively run the check you describe, you would need access to a copy of all of GitHub, which isn't feasible.

    What you can do with Nosey Parker is use its GitHub enumeration features to specify your GitHub organization and a list of GitHub usernames you are interested in, and scan against just those. This will implicitly list all the relevant public repositories, clone them, and scan their entire history.

    For your use case, another thing you could do is use the new GitHub code search (<https://cs.github.com>) to regex search for particular keys or tokens. That new search seems to cover lots of the public content available on GitHub.

    Also, to put some color on this use case: in offensive security engagements (aka "red team" engagements) at Praetorian, we frequently find leaked credentials or tokens on GitHub or elsewhere, which allow us deeper access into the client's systems. It's a significant problem.
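
The reply above describes Nosey Parker as a special-purpose `grep` with built-in patterns, including one for PEM-encoded keys. The following Python sketch is an added illustration of that idea, not Nosey Parker's rule or code and not part of the original comment: it finds PEM private-key blocks and reduces noise by requiring matching labels and a decodable body. The regex, function name, length threshold and sample text are all constructed for this example.

```python
import base64
import binascii
import re

# Header, base64 body lines, and a footer whose label must equal the header's.
# Narrowed to unencrypted bodies: legacy "Proc-Type"/"DEK-Info" headers are not handled.
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----\r?\n"
    r"((?:[A-Za-z0-9+/=]+\r?\n)+?)"
    r"-----END \1-----"
)

def find_pem_private_keys(text, min_decoded_bytes=32):
    """Return one finding per plausible PEM private-key block in text."""
    findings = []
    for match in PEM_PRIVATE_KEY.finditer(text):
        body = "".join(match.group(2).split())
        try:
            decoded = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            continue  # base64 alphabet but undecodable (bad padding or length)
        if len(decoded) < min_decoded_bytes:
            continue  # too short to be key material; likely a stub or test fixture
        findings.append({
            "line": text.count("\n", 0, match.start()) + 1,
            "label": match.group(1),
            "decoded_bytes": len(decoded),  # report size only, never the key itself
        })
    return findings

# Constructed sample input: the body is filler bytes, not a real key.
_FILLER = base64.encodebytes(bytes(range(96))).decode()
SAMPLE = (
    "db_host = example.internal\n"
    "-----BEGIN RSA PRIVATE KEY-----\n" + _FILLER + "-----END RSA PRIVATE KEY-----\n"
    "# documentation placeholder: must not be reported\n"
    "-----BEGIN PRIVATE KEY-----\n<paste your key here>\n-----END PRIVATE KEY-----\n"
    "# three-byte stub: below the length threshold\n"
    "-----BEGIN EC PRIVATE KEY-----\nQUJD\n-----END EC PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for finding in find_pem_private_keys(SAMPLE):
        print(finding)
```

Only the first block in the sample is reported; the placeholder and the stub are the kind of matches a bare `grep` for the `BEGIN` line would flag.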
