Company Invites Community to Contribute New Use Cases, Rules to Improve the Secret Scanner Tool
Praetorian Open Sources Nosey Parker Regular Expression-Based Scanning Capabilities (Photo: Business Wire)
Praetorian Open Sources Nosey Parker Regular Expression-Based Scanning Capabilities (Photo: Business Wire)
AUSTIN, Texas–(BUSINESS WIRE)–Praetorian, a leading offensive security company, announced that it has open-sourced the regular expression-based (RegEx) scanning capabilities of its Nosey Parker secret scanning tool.
Inadvertent secrets disclosure is one of the more common attack paths in an organization. Praetorian’s Nosey Parker addresses the pervasive problem of secret exposure in source code and configuration files where sensitive information such as passwords, API keys, access tokens, asymmetric private keys, client secrets, and credentials exist. An attacker’s ability to discover these secrets may result in the ability to access keys to additional systems.
“Since the release of Nosey Parker, we have continued to find hard-coded secrets within client environments that are easily leveraged to access high-value assets,” said Anthony Paimany, Technical Director for Praetorian. “Until now, the remedial advice felt lackluster with procedural and policy-based recommendations. We are excited to offer an open-source version of Nosey Parker that empowers organizations to better secure their assets. We look forward to contributions from the community as they identify interesting and innovative new rules and use cases.”
With the RegEx open-source version, application security engineers, cloud security engineers, site reliability engineers, and developers can quickly find the number of security incidents and their location, avoiding what is currently a manual, time-consuming process. The company also has plans to add additional capabilities to the RegEx version in the months ahead that will allow users to explore or enumerate resources that appear on public git-hub and repositories. Additionally, the newly released version can perform scans 100 times faster than any other tool in the market, with the capability to scan 100 gigabytes of Linux Kernel source history on a laptop in five minutes.
Released by the company earlier this year, Nosey Parker is a module that sits inside the Company’s Chariot Platform and is a machine learning-powered, multi-phase solution for detecting secrets in code. In addition to the open-source RegEx scanner, NoseyParker comes with a machine-learning version (ML) that allows for higher efficacy without pattern limitations. The ML version is available through Praetorian’s Chariot platform and has the potential to find secrets that are difficult or impossible to write precise patterns for.
Paimany unveiled the open-source version of Nosey Parker during BlackHat Europe in an Arsenal Labs track talk titled “Mining for Secrets: Repos, firmware, and more”. To access the Nosey Parker RegEx scanner, visit https://github.com/praetorian-inc/noseyparker
Nosey Parker is part of the company’s Chariot platform, the first total attack lifecycle solution featuring an intelligent attack surface management (ASM) platform and offensive security managed services. Using automation and artificial intelligence (AI), the Chariot platform identifies attack surface exposure points using both outside-in (adversarial) and inside-out (cloud-integration) knowledge to prioritize real risk. Praetorian’s “red team” experts then extend the technology by emulating the latest attack techniques to validate compromise paths and integrate seamlessly into customer enterprise security teams to eliminate false positives and speed risk mitigation. The combination of Praetorian’s security engineering and expertise enables overburdened security teams facing talent shortages and rapidly changing internet-based environments to identify, attack, detect, and prevent real compromise within minutes.
About Praetorian
Praetorian delivers the only end-to-end security platform and managed service that acts like attackers to protect customers. As an extension of your security team, Praetorian helps enterprises achieve business resilience by continuously discovering assets, contextualizing their relationship and import, pinpointing vectors of compromise, and personalizing protection to remediate future risk. Engage with Praetorian offensive security engineers and experts to locate your critical exposures and continuously validate your cybersecurity program. Follow at www.praetorian.com or on Twitter and LinkedIn.
Media:
RedIron PR for Praetorian
Kari Walker
kari@redironpr.com
Media:
RedIron PR for Praetorian
Kari Walker
kari@redironpr.com
source
—
Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing…