Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Noseyparker Alternatives
Similar projects and alternatives to noseyparker
-
-
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
file
Read-only mirror of file CVS repository, updated every half hour. NOTE: do not make pull requests here, nor comment any commits, submit them usual way to bug tracker or to the mailing list. Maintainer(s) are not tracking this git mirror.
-
-
-
noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data. (by Byron)
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a better noseyparker alternative or higher similarity.
noseyparker reviews and mentions
Posts with mentions or reviews of noseyparker.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-02-15.
-
Magika: AI powered fast and efficient file type identification
Yes!
Sometimes a file has no extension. Other times the extension is a lie. Still other times, you may be dealing with an unnamed bytestring and wish to know what kind of content it is.
This last case happens quite a lot in Nosey Parker [1], a detector of secrets in textual data. There, it is possible to come across unnamed files in Git history, and it would be useful to the user to still indicate what type of file it seems to be.
I added file type detection based on libmagic to Nosey Parker a while back, but it's not compiled in by default because libmagic is slow and complicates the build process. Also, libmagic is implemented as a large C library whose primary job is parsing, which makes the security side of me jittery.
I will likely add enabled-by-default filetype detection to Nosey Parker using Magika's ONNX model.
[1] https://github.com/praetorian-inc/noseyparker
- GitHub: Can no longer search code without being logged in
- Managing secrets like API keys in Python - Why are so many devs still hardcoding secrets?
-
Show HN: Nosey Parker, a fast and low-noise secrets detector for textual data
Yes and no.
On the one hand, Nosey Parker is effectively a special-purpose `grep` with a bunch of security-relevant patterns built-in, including one for PEM-encoded keys: <https://github.com/praetorian-inc/noseyparker/blob/main/data...>
On the other hand, to naively run the check you describe, you would need access to a copy of all of GitHub, which isn't feasible.
What you can do with Nosey Parker is use its GitHub enumeration features to specify your GitHub organization and a list of GitHub usernames you are interested in, and scan against just those. This will implicitly list all the relevant public repositories, clone them, and scan their entire history.
For your use case, another thing you could do is use the new GitHub code search (<https://cs.github.com>) to regex search for particular keys or tokens. That new search seems to cover lots of the public content available on GitHub.
Also, to put some color on this use case: in offensive security engagements (aka "red team" engagements) at Praetorian, we frequently find leaked credentials or tokens on GitHub or elsewhere, which allow us deeper access into the client's systems. It's a significant problem.
- Nosey Parker, a fast and low-noise secrets detector, now supports enumerating GitHub repositories and writing results in SARIF format
- Nosey Parker, a newer secrets detector, can scan 100GB of Linux kernel commit history in 2 minutes on a laptop, and now can write SARIF output
- Nosey Parker, a fast secrets detector, now enumerates GitHub repos, writes SARIF output, and has 90 default rules
-
Tools for scanning commits?
A tool just got open-sourced called Nosey Parker that scans commits and git history for secrets. You could look at Nosey Parker's source code to see how they scan commits and design your tool based on that.
- Nosey Parker, a new scanner for hardcoded secrets in textual data
-
A note from our sponsor - InfluxDB
www.influxdata.com | 7 May 2024
Stats
Basic noseyparker repo stats
13
1,515
9.4
8 days ago
praetorian-inc/noseyparker is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of noseyparker is Rust.
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com