trufflehog
by trufflesecurity
TruffleHog is a powerful tool to discover, classify, validate, and analyze leaked credentials across various platforms and repositories.
Find, verify, and analyze leaked credentials
Primary Use Case
TruffleHog is primarily used by security teams and developers to identify exposed secrets such as API keys, passwords, and private keys in source code, chats, wikis, and other data stores. It helps organizations proactively detect and validate leaked credentials to prevent unauthorized access and potential breaches.
- Discovery of secrets across Git, chats, wikis, logs, API testing platforms, object stores, and filesystems
- Classification of over 800 secret types mapped to their specific identities
- Validation of secrets by checking if they are live and active
- In-depth analysis of common leaked credentials to determine creation, access, and permissions
- Supports scanning multiple platforms including GitHub, Jira, Slack, Confluence, Microsoft Teams, and SharePoint
- Open source with an enterprise version for continuous monitoring
- Docker support for easy deployment
- Community support via Slack and Discord
Installation
- For macOS users: brew install trufflehog
- Ensure Docker engine is running before using Docker commands
- Unix Docker run: docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys
- Windows Command Prompt Docker run: docker run --rm -it -v "%cd:/=\=%:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys
- Windows PowerShell Docker run: docker run --rm -it -v "${PWD}:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys
Usage
>_ docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --org=trufflesecurity
Run TruffleHog via Docker to scan all repositories in the 'trufflesecurity' GitHub organization.
>_ docker run --rm -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys
Run TruffleHog via Docker to scan a specific GitHub repository for leaked secrets.
- Integrate TruffleHog scans into CI/CD pipelines for early detection of leaked secrets before deployment.
- Use the validation feature to prioritize remediation efforts by focusing on active and live credentials.
- Combine with SIEM tools to automate alerting and incident response workflows upon secret detection.
- Leverage classification data to tailor access control policies and reduce attack surface.
- Employ TruffleHog in purple team exercises to simulate credential leakage scenarios and improve detection capabilities.
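The validation-first triage and SIEM hand-off recommended above, as an added example that is not part of this page or of the TruffleHog project. It assumes the scan was run with the --json flag and that findings carry the DetectorName, Verified, Raw and SourceMetadata fields; the triage function and all sample values are constructed for illustration.

```python
import hashlib
import json

# Constructed sample of `trufflehog ... --json` output: one JSON object per
# line, mixed with a non-finding log line. All values are made up.
SAMPLE = "\n".join([
    json.dumps({"DetectorName": "Github", "Verified": False,
                "Raw": "CONSTRUCTED-TOKEN-0001",
                "SourceMetadata": {"Data": {"Git": {
                    "repository": "https://example.invalid/org/app.git",
                    "file": "deploy/old.env", "line": 3, "commit": "aaaa1111"}}}}),
    "this line is log noise, not JSON",
    json.dumps({"DetectorName": "AWS", "Verified": True,
                "Raw": "CONSTRUCTED-KEY-0002",
                "SourceMetadata": {"Data": {"Git": {
                    "repository": "https://example.invalid/org/app.git",
                    "file": "config/settings.py", "line": 12, "commit": "bbbb2222"}}}}),
])


def triage(output):
    """Turn scanner JSON lines into SIEM-ready events, verified findings first."""
    events = []
    for line in output.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip progress/log lines
        if not isinstance(rec, dict) or "DetectorName" not in rec:
            continue  # JSON, but not a finding record
        meta = ((rec.get("SourceMetadata") or {}).get("Data") or {}).get("Git") or {}
        raw = rec.get("Raw") or ""
        events.append({
            "severity": "high" if rec.get("Verified") else "low",
            "detector": rec["DetectorName"],
            "repository": meta.get("repository"),
            "file": meta.get("file"),
            "line": meta.get("line"),
            "commit": meta.get("commit"),
            # Hash instead of the secret itself, so the SIEM can deduplicate
            # findings without becoming a second place the credential leaks.
            "fingerprint": hashlib.sha256(raw.encode()).hexdigest()[:16],
        })
    # Stable sort: live (verified) credentials are remediated first.
    events.sort(key=lambda e: e["severity"] != "high")
    return events


if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(json.dumps(event))
```

Unverified findings are kept at low severity rather than dropped, since a credential that fails validation may still be valid against an endpoint the scanner could not reach.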
