TruffleHog

TruffleHog

github.com

1

About this website

TruffleHog is a tool for finding and verifying credentials accidentally committed to code repositories, cloud storage, and other data sources. Originally created by Dylan Ayrey in 2016 and now maintained by Truffle Security, TruffleHog has over 18,000 stars as of 2026. Unlike simple pattern-matching secret scanners, TruffleHog goes beyond detection by actively verifying discovered credentials against their target APIs, significantly reducing false positives. Key features include: 700+ built-in detectors for credential types (AWS, Azure, Google Cloud, GitHub, GitLab, Slack, Stripe, Twilio, SendGrid, Mailgun, Datadog, New Relic, Heroku, DigitalOcean, and hundreds more), credential verification (actually sending API requests with discovered credentials to determine if they are live and valid, with safe request patterns that do not modify data), scanning of multiple sources including Git repositories (scanning full commit history), GitHub (scanning repos, gists, and organizations via API), GitLab, Docker images, S3 buckets, Google Drive, Postman, JFrog Artifactory, Travis CI, and filesystems, deep scanning of Git objects (including dangling commits, stashes, and packed objects that other tools miss), JSON, JSONL, and SARIF output formats, custom detector creation via plugins, CI/CD integration with GitHub Actions, GitLab CI, CircleCI, and Jenkins, pre-commit hook integration, scan result filtering and deduplication, parallel scanning for performance, and a web UI (TruffleHog Enterprise) for managing scans and results. TruffleHog is written in Go.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!