noseyparker

Bot User-Agent: noseyparker

⚠️ Overview

Nosey Parker is an open-source secret detection tool developed and maintained by Praetorian, a cybersecurity firm headquartered in Austin, Texas, and publicly available at github.com/praetorian/noseyparker. Originally released in 2020, it is designed to automatically identify hardcoded credentials, API keys, tokens, and other sensitive strings within code repositories, file systems, and plain-text data. The tool has been widely adopted by both security professionals and malicious actors for its ability to rapidly locate exposed secrets in large codebases.

🔧 Technical Capabilities

Nosey Parker employs a combination of regular expression pattern matching and entropy analysis to detect high-confidence secrets. It can scan entire git commit histories, including all branches and tags, as well as local directories and individual files. The tool supports custom rule definitions via YAML configuration, allowing users to extend detection to proprietary formats or specific services. It outputs findings in JSON or terminal-friendly formats, including the vulnerable context and file path. Nosey Parker is designed for bulk scanning — it can process thousands of repositories or terabytes of data efficiently. It also supports GitHub API integration, enabling automated scanning of public and private repositories. The tool uses parallel processing to accelerate scans and leverages in-memory caching to avoid redundant work.

📜 History & Notable Incidents

Nosey Parker first appeared on GitHub in July 2020 and quickly became a staple in offensive security toolkits. While not associated with a specific CVE, it has been cited in multiple bug bounty reports and penetration test summaries as a primary mechanism for discovering leaked credentials. In 2021, researchers demonstrated its use against public GitHub repositories to uncover thousands of live API keys, leading to high-profile coordinator disclosures. The tool was also observed in malicious supply chain attacks where attackers used it to exfiltrate secrets from compromised CI/CD pipelines.

🔍 Detection Indicators

Nosey Parker does not use a fixed User-Agent string by default, but its HTTP requests to GitHub’s API or git servers often contain the header User-Agent: Go-http-client/2.0 (since it is written in Go) or custom identifiers like noseyparker/1.0. Behavioral fingerprints include bursts of identical API calls to clone repositories or list branches, followed by local file read operations on cloned data. Traffic patterns show unusually high rates of git clone commands from a single IP, often targeting multiple unrelated repositories in quick succession.

☠️ Risk & Impact

Successful exploitation of Nosey Parker scans can lead to the exposure of cloud infrastructure credentials (AWS, Azure, GCP), database passwords, OAuth tokens, and SSH private keys. An attacker can use these secrets to escalate privileges, move laterally within an environment, or exfiltrate sensitive data. The tool’s efficiency means a single compromised developer endpoint or API token can cascade into a full-scale breach affecting multiple services.

🛡️ Mitigation

Nosey Parker is blocked immediately upon detection because its presence signals active reconnaissance for credential theft. Mitigation involves monitoring for massive parallel git clone requests, enforcing strict API rate limits, and scanning codebases for leaked secrets proactively. Any IP exhibiting Nosey Parker’s behavioral signature is added to a permanent block list to prevent further reconnaissance.

53% of Web Traffic Is Bots in 2026

— Imperva Bad Bot Report 2026

How much of your traffic is automated? Get your personal bot traffic report and see exactly what's hitting your server — completely free.

📊 Get My Bot Report

Sign up in seconds  ·  No card required

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the bots listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.