TruffleHog
TruffleHog searches through git repositories for secrets, digging deep into commit history and branches. It is effective at finding secrets accidentally committed.
Description
TruffleHog is a utility designed to detect credentials and secrets within various sources, particularly git repositories. It scans commit history and branches to identify accidentally committed sensitive information, making it valuable for security audits and compliance checks.
Use cases include scanning personal or organizational git repositories, GitHub, GitLab, filesystems, S3 buckets, and more specialized sources like Docker images, Jenkins, and HuggingFace datasets. This helps prevent exposure of API keys, passwords, and other secrets in version control systems.
The tool supports multiple scan types through distinct commands, allowing targeted searches across different platforms and input methods, from stdin to multi-source configurations.
How It Works
TruffleHog finds credentials by scanning git repositories, including their full commit history and all branches, as well as other sources such as filesystems, cloud storage, and APIs. It uses pattern matching for known secret formats and outputs results in formats like JSON. Specialized commands handle platform-specific scans, such as the experimental GitHub command (github-experimental) or token-authenticated GitLab searches.
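Added example, not TruffleHog's own code: why matching secret formats against commit history finds a key that a scan of the current checkout misses. The two regular expressions, the sample log, the file contents and the function names are constructed for illustration; AKIAIOSFODNN7EXAMPLE is AWS's documentation placeholder key ID.

```python
import re

# Illustrative formats only; this is not TruffleHog's detector set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Constructed inputs: `git log -p` output (newest first) and the checkout at HEAD.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    remove hardcoded key
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 REGION = "us-east-1"
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
commit 1111111111111111111111111111111111111111
    add config
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+REGION = "us-east-1"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
"""
HEAD_FILES = {"config.py": 'REGION = "us-east-1"\nAWS_KEY = os.environ["AWS_KEY"]\n'}

def detect(text):
    """Return the names of all patterns that match one line of text."""
    return [name for name, rx in PATTERNS.items() if rx.search(text)]

def scan_worktree(files):
    """Scan only current file contents, as a grep of the checkout would."""
    return [(path, det) for path, body in files.items()
            for line in body.splitlines() for det in detect(line)]

def scan_history(log_text):
    """Scan every added line of every commit and record where it entered."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("+") and not line.startswith("+++ "):
            findings += [(d, commit[:8], path) for d in detect(line[1:])]
    return findings
```

The checkout scan returns nothing, while the history scan reports the key in the commit that introduced it. The key stays recoverable from the repository after the cleanup commit, so it still needs to be rotated.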
Installation
sudo apt install trufflehog
Flags
Examples
trufflehog -h
trufflehog git <uri>
trufflehog github
trufflehog github-experimental --repo=REPO
trufflehog gitlab --token=TOKEN
trufflehog filesystem <path>
trufflehog stdin