On March 2, 2023, we issued some updates to our secrets sniffing tool, Nosey Parker, which has been available as an Apache 2-licensed open-source project since December 2022. We originally developed the full version to embed in Chariot, our Attack Surface Management solution, because we needed a secrets detection tool that was as fast as possible while returning as few false positives as possible. Most cybersecurity engineers need that capability, too, so we created an open source version and have been excited to see the community response. Read on to learn about the key changes in Nosey Parker v.0.12.0, which reflects community feedback we have received over the past two months.

Scan Git repositories by URL, GitHub username, or GitHub organization.

Users can now scan Git repositories by specifying a URL or a GitHub username or organization name. Manual repository cloning is not necessary. Additionally, a new standalone github command enables users to access this enumeration logic by itself. This feature is particularly useful for recon purposes, simplifying production of a list of Git repositories to check for misplaced credentials.

Detect more things—and with fewer false positives—with new and improved rules.

Nosey Parker v.0.12.0 includes 31 new regex rules. All the new rules are for tokens and secrets that precisely match with regular expressions, which should result in very few false positives. Additionally, five existing rules underwent revision to improve their signal-to-noise ratio. Nosey Parker now has 90 rules that are enabled by default. We selected them based on experience we gained from offensive security engagements.

Report findings in SARIF format.

Users now can emit SARIF output using the report command. SARIF is a JSON-based standardized format that several other tools support, including GitHub Code Analysis. Thanks to developer @Coruscant11 for contributing this commit. 

Use memory more efficiently during GitHub scanning.

After some simple code optimization, Nosey Parker now uses drastically less memory when scanning a large number of Git repositories.

—–

For more details on these changes and others, see the full changelog here. A prebuilt Docker image for x86_64 architectures is published to GitHub Container Registry, available here.

Stay tuned for future updates as we continue to receive and incorporate feedback and commits.