truffleHog – Searches Git Repositories for Credentials

Git repository is widely used by developers and code owners to host and share source code. this is very convenient and reduce time into developing applications but it also may accidentally post sensitive information to public repository. If you are looking to search for sensitive information you can check truffleHog.

truffleHog is a tool that search through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

truffleHog – Searches Git Repositories for Strings and Secrets

Some of the regex search rules include the following: Slack Token, RSA private key , SSH (OPENSSH) private key, SSH (DSA) private key , SSH (EC) private key, PGP private key block, Facebook Oauth , Twitter Oauth, GitHub , Google Oauth , AWS API Key, Heroku API Key , Generic Secret , Generic API Key ,Slack Webhook , Google (GCP) Service-account, Twilio API Key , Password in URL.

With this tool the user may develop more rules that match any secret information or remove rules that do not match your environment.

You can download and read more about this tool over here:

Notify of
Inline Feedbacks
View all comments