Trufflehog

TruffleHog is a tool for finding credentials and secrets. It can search the full commit history and every branch of a Git repository, which makes it effective at finding secrets that were committed by accident, including ones that were later deleted from the working tree but still live in history. It also supports other sources such as GitHub, GitLab, the local filesystem, AWS S3 buckets, Google Cloud Storage buckets, syslog, Docker images, etc.

Installation

# Distribution package where one exists (Kali ships the current Go version, TruffleHog v3)
sudo apt install trufflehog
# The PyPI package is the legacy Python TruffleHog (v2), which has a different command
# line than the v3 subcommands listed on this page; v3 itself is distributed as a Go
# binary (release archives, Homebrew, and the trufflesecurity/trufflehog Docker image)
pip install truffleHog

# With proxy
HTTP_PROXY="http://<user>:<password>@<server>:8080"
pip install --proxy $HTTP_PROXY truffleHog
# --trusted-host turns off TLS certificate checking for those hosts. It is needed behind
# an intercepting proxy, but it also removes the protection against a tampered download;
# adding the proxy CA to pip's trust store is the safer fix where that is possible
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org --proxy $HTTP_PROXY truffleHog

Options

trufflehog <subcommand> [<flags>] ...
  • git : Find credentials in git repositories.
  • github : Find credentials in GitHub repositories.
  • github-experimental : Run an experimental GitHub scan.
  • gitlab : Find credentials in GitLab repositories.
  • filesystem : Find credentials in a filesystem.
  • s3 : Find credentials in S3 buckets.
  • gcs : Find credentials in GCS buckets.
  • syslog : Scan syslog
  • circleci : Scan CircleCI
  • docker : Scan Docker Image
  • travisci : Scan TravisCI
  • postman : Scan Postman
  • elasticsearch : Scan Elasticsearch
  • jenkins : Scan Jenkins
  • huggingface : Find credentials in HuggingFace datasets, models and spaces.
  • stdin : Find credentials from stdin.
  • multi-scan : Find credentials in multiple sources defined in configuration.
  • analyze : Analyze API keys for fine-grained permissions information.

Search in Git repository

Find credentials in git repositories.

Help

trufflehog git --help
trufflehog git --help-long

Basic search

GIT_REPO="https://github.com/<some-git-repository>.git"
trufflehog git [<flags>] <uri>
trufflehog git $GIT_REPO
# Explicitly enable every detector
trufflehog git --include-detectors="all" $GIT_REPO
# Skip verification. By default each candidate secret is checked against the issuing
# service, which means the candidate is sent to that third party over the network;
# with this flag only the raw matches are reported, at the cost of more false positives
trufflehog git --no-verification $GIT_REPO
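Triage and CI gating, as an added example that is not part of the original page or of the TruffleHog project. A plain `trufflehog git` run prints findings for humans; with `--json` it emits one JSON object per finding, and with `--fail` it exits with status 183 when anything was found, which is what a pipeline step needs. The script below wraps those flags, and its `summarize_findings` function counts findings per detector split into verified (the issuing service accepted the credential) and unverified, using only awk so it runs without jq. The `gate_since` function is the pre-commit style check: scan only the commits since a ref and keep live credentials only (`--only-verified`). The JSON sample is constructed to resemble TruffleHog's output and is not from a real scan; `TRUFFLEHOG_BIN` is an assumed environment variable of this script, not a TruffleHog setting.

```shell
#!/bin/sh
# Added example (not from the TruffleHog project): scan a repository and triage the JSON output.
# Assumption: a TruffleHog v3 binary is on PATH, or its path is given in TRUFFLEHOG_BIN.
TRUFFLEHOG_BIN="${TRUFFLEHOG_BIN:-trufflehog}"

# Count findings per detector, split into verified and unverified.
# Reads TruffleHog --json output on stdin, one JSON object per line; only the
# DetectorName and Verified fields are looked at, so no JSON parser is needed.
# Output lines look like: "AWS verified 1".
summarize_findings() {
    awk '
    {
        name = "unknown"
        state = "unverified"
        # "DetectorName":" is 16 characters; strip it and the closing quote
        if (match($0, /"DetectorName":"[^"]*"/))
            name = substr($0, RSTART + 16, RLENGTH - 17)
        if ($0 ~ /"Verified":true/)
            state = "verified"
        count[name " " state]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Scan one repository into a JSON file. With --fail TruffleHog exits 183 when
# findings exist, so the return value is 0 for a clean repository, 183 when
# something was found, and anything else is a scan error passed straight through.
scan_repo() {
    repo="$1"
    out="$2"
    "$TRUFFLEHOG_BIN" git --json --fail "$repo" > "$out"
}

# CI / pre-commit gate: only the commits since the given ref are scanned and only
# credentials the issuing service still accepts are reported; a non-zero exit blocks the job.
# Example: gate_since file://. HEAD
gate_since() {
    "$TRUFFLEHOG_BIN" git --only-verified --fail --since-commit "$2" "$1"
}

# Constructed sample of three findings (not real scan data), shaped like TruffleHog's --json lines.
SAMPLE_JSON='{"SourceMetadata":{"Data":{"Git":{"commit":"abc123","file":"config/prod.env","repository":"https://github.com/example/app.git"}}},"DetectorName":"AWS","Verified":true,"Raw":"AKIA...","Redacted":"AKIA****"}
{"SourceMetadata":{"Data":{"Git":{"commit":"def456","file":"README.md","repository":"https://github.com/example/app.git"}}},"DetectorName":"Slack","Verified":false,"Raw":"xoxb-...","Redacted":"xoxb-****"}
{"SourceMetadata":{"Data":{"Git":{"commit":"789abc","file":"scripts/deploy.sh","repository":"https://github.com/example/app.git"}}},"DetectorName":"AWS","Verified":false,"Raw":"AKIA...","Redacted":"AKIA****"}'

if [ "${1:-}" = "--demo" ]; then
    # Show the summary format on the constructed sample without running a scan
    printf '%s\n' "$SAMPLE_JSON" | summarize_findings
elif [ $# -ge 1 ]; then
    # ./scan.sh <git-url>: scan, summarise, and propagate TruffleHog's exit status
    scan_repo "$1" findings.json
    status=$?
    summarize_findings < findings.json
    exit "$status"
fi
```

The verified/unverified split is the triage order: a verified AWS key is a live credential that needs rotating now, while an unverified match may be an expired key, a test fixture, or a false positive. Keep in mind that producing that split is exactly the third-party verification call the page's `--no-verification` flag suppresses, so run the gate on infrastructure where that egress is acceptable.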

Automation

Run TruffleHog against every repository of a GitHub organisation or user.

trufflehog_all_repos.sh

#!/bin/bash
# Description: Execute trufflehog on all repositories for a company or person.
# Limitation: only the repositories listed on the one page given as URL are scanned;
# GitHub paginates repository listings, so pass each page for large accounts.

# If the wrong number of arguments was provided
if [ "$#" -ne 1 ]; then
    echo "Usage:"
    echo "./trufflehog_all_repos.sh URL"
    echo "Example:"
    echo "./trufflehog_all_repos.sh https://github.com/orgs/<company name>/repositories"
    echo "./trufflehog_all_repos.sh https://github.com/<someone>?tab=repositories"
    exit 1
fi

# Download the github page containing the repository listing
PAGE="$(mktemp)"
wget -q -O "$PAGE" "$1"

# Repository links carry itemprop="codeRepository"; keep their href paths (/<owner>/<repo>)
REPOSITORIES="$(grep codeRepository "$PAGE" | awk -F 'href="' '{print $2}' | cut -d '"' -f 1 | sort -u)"
rm -f "$PAGE"

echo "Repositories found from $1:"
echo "$REPOSITORIES"

for REPOSITORY in $REPOSITORIES; do
    # /<owner>/<repo> -> trufflehog-<owner>-<repo>.txt
    FILENAME="trufflehog$(echo "$REPOSITORY" | sed 's/\//-/g').txt"

    echo "Generating file ${FILENAME}..."
    echo "Repository: https://github.com${REPOSITORY}.git" > "./${FILENAME}"
    trufflehog git "https://github.com${REPOSITORY}.git" >> "./${FILENAME}"
done
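Enumerating repositories through the GitHub REST API instead of scraping HTML, as an added example that is not part of the original page or of the TruffleHog project. Scraping the repositories page only sees the one page fetched (GitHub paginates the listing) and breaks whenever the markup changes; the API returns up to 100 repositories per page, a stable `clone_url` field, and an empty array once the listing is exhausted, which is how the loop below knows to stop. Assumptions: `curl` and a TruffleHog v3 binary on PATH, `TRUFFLEHOG_BIN` as an optional override of that path, and `GITHUB_TOKEN` as an optional token that raises the rate limit and lets the listing include private repositories the token can read. The API response fragment is constructed for illustration, not real data. TruffleHog v3 can also enumerate an organisation itself with its `github` subcommand (`trufflehog github --org=<org>`), which is simpler when per-repository output files are not needed.

```shell
#!/bin/sh
# Added example (not from the original page or the TruffleHog project): list an
# owner's repositories via the GitHub API with pagination, then scan each one.
# Assumptions: curl and trufflehog on PATH; GITHUB_TOKEN optional (assumed env var).

# GET one API URL with the JSON media type, adding the token header only when a token is set.
gh_get() {
    if [ -n "${GITHUB_TOKEN:-}" ]; then
        curl -sSf -H 'Accept: application/vnd.github+json' \
             -H "Authorization: Bearer $GITHUB_TOKEN" "$1"
    else
        curl -sSf -H 'Accept: application/vnd.github+json' "$1"
    fi
}

# Pull every clone_url out of one JSON page of /orgs/<org>/repos or /users/<user>/repos.
# Only that one field is needed, so a grep/sed pair is used instead of a JSON parser.
extract_clone_urls() {
    grep -o '"clone_url": *"[^"]*"' | sed 's/.*"clone_url": *"\([^"]*\)"/\1/'
}

# Print all clone URLs for an owner. The API serves at most 100 repositories per page
# and an empty array once the listing is exhausted, which ends the loop.
list_repos() {
    owner_type="$1"   # "orgs" or "users"
    owner="$2"
    page=1
    while :; do
        body="$(gh_get "https://api.github.com/$owner_type/$owner/repos?per_page=100&page=$page")" || return 1
        urls="$(printf '%s' "$body" | extract_clone_urls)"
        [ -n "$urls" ] || break
        printf '%s\n' "$urls"
        page=$((page + 1))
    done
}

# Output filename for a clone URL: https://github.com/org/repo.git -> trufflehog-org-repo.txt
output_name() {
    printf 'trufflehog-%s.txt\n' \
        "$(printf '%s' "$1" | sed -e 's#^https://github.com/##' -e 's#\.git$##' -e 's#/#-#g')"
}

# Scan every repository of the owner, one JSON results file per repository.
scan_all() {
    list_repos "$1" "$2" | while IFS= read -r url; do
        file="$(output_name "$url")"
        echo "Scanning $url -> $file"
        { echo "Repository: $url"; "${TRUFFLEHOG_BIN:-trufflehog}" git --json "$url"; } > "$file"
    done
}

# Constructed fragment of an API response (not real data) showing the field extract_clone_urls uses.
SAMPLE_API='[{"name":"app","clone_url":"https://github.com/example/app.git","private":false},
 {"name":"infra","clone_url":"https://github.com/example/infra.git","private":true}]'

case "$#" in
    2) scan_all "$1" "$2" ;;          # ./scan_owner.sh orgs <org>  |  ./scan_owner.sh users <user>
    0) ;;                             # sourced or run without arguments: define functions only
    *) echo "Usage: $0 orgs|users <name>" >&2; exit 1 ;;
esac
```

Private repositories are where leaked secrets tend to survive longest, because nobody outside the team ever sees them; with a token that can read them they show up in the listing, and TruffleHog will need the same credential to clone them (for HTTPS clones, a token in the URL or a credential helper), so run this from a host whose outbound traffic and output files are handled as sensitive.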