-
Notifications
You must be signed in to change notification settings - Fork 68
FAQ
Titus is an open source secret scanner built in Go by Praetorian. It detects leaked credentials, API keys, and tokens across source code, binary files, and HTTP traffic. It runs as a CLI tool, a Go library, a Burp Suite extension, or a Chrome browser extension, all sharing the same detection engine and rule set.
Titus ships with over 450 detection rules drawn from two sources: roughly 200 rules from Nosey Parker covering credential patterns commonly found during security engagements, and 250+ rules from Kingfisher (MongoDB's Nosey Parker fork) covering a long tail of SaaS platforms and services including Stripe, Twilio, SendGrid, Datadog, and more.
Yes. Titus can check whether a detected secret is actually live by making a controlled request against the relevant API. Run titus scan path/to/code --validate and each finding is tagged as confirmed, denied, or unknown. The scanner uses concurrent validation workers (4 by default, configurable with --validate-workers).
Beyond plaintext source code, Titus can extract and scan secrets from binary file formats including Office documents (xlsx, docx, pptx), PDFs, Jupyter notebooks, SQLite databases, and common archive formats (zip, tar, tar.gz, jar, war, ear, apk, ipa, crx). Archives are recursively extracted up to configurable depth and size limits. Use titus scan path/to/files --extract=all to enable extraction.
Titus is a Go reimplementation of Nosey Parker's detection engine. Nosey Parker was written in Rust and offered excellent raw performance, but the Go rewrite enables native integration with Praetorian's Go-based tooling ecosystem. Titus carries forward Nosey Parker's battle-tested rules and adds new capabilities like secrets validation, binary file extraction, and a Burp Suite extension.
Titus differentiates with three key features: live credential validation against source APIs, binary file extraction (scanning Office docs, PDFs, archives, mobile packages), and multiple interfaces beyond the CLI (Go library, Burp Suite extension, Chrome extension). It also ships with a larger rule set (450+ rules from both Nosey Parker and Kingfisher).
Download a prebuilt binary from the Releases page for Linux, macOS, or Windows. The Burp Suite extension JAR and Chrome extension ship alongside them. You can also build from source with make build.
Yes. Titus uses the same rule format as Nosey Parker. You can create custom YAML rule files and load them with titus scan path/to/code --rules path/to/custom-rules.yaml. See the repository for rule format documentation.