Trufflehog

Searches a git repository (for example on GitHub) for secrets by walking the full commit history on every branch and examining each diff, so it also finds credentials that were committed and later "removed" but still live in history. Two checks are available: an entropy check that flags long high-entropy base64 and hex strings, and an optional regex check that matches known token formats. This page covers the Python truffleHog (v2) package installed with pip; the later Go rewrite (v3) has a different command line.

Installation

pip install truffleHog

# With proxy
HTTP_PROXY="http://<user>:<password>@<server>:8080"
pip install --proxy $HTTP_PROXY truffleHog
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org --proxy http://user:password@proxy.com:8080 truffleHog

Note: proxy credentials given on the command line end up in shell history and in the process list, and --trusted-host makes pip skip TLS certificate verification for those hosts, so use it only when the proxy intercepts TLS and you cannot install its CA certificate.

Search in Git repository

The repository is cloned to a temporary directory and every commit on every branch is scanned. Add --regex to run the regex rules alongside the default entropy check, and --json to get one JSON object per finding, which is easier to filter and deduplicate than the coloured diff output.

GIT_REPO="https://git.kringlecastle.com/Upatree/santas_castle_automation.git"
trufflehog $GIT_REPO

Options

usage: trufflehog [-h] [--json] [--regex] [--rules RULES]
                  [--entropy DO_ENTROPY] [--since_commit SINCE_COMMIT]
                  [--max_depth MAX_DEPTH]
                  git_url

Find secrets hidden in the depths of git.

positional arguments:
  git_url               URL for secret searching

optional arguments:
  -h, --help            show this help message and exit
  --json                Output in JSON
  --regex               Enable high signal regex checks
  --rules RULES         Ignore default regexes and source from json list file
  --entropy DO_ENTROPY  Enable entropy checks
  --since_commit SINCE_COMMIT
                        Only scan from a given commit hash
  --max_depth MAX_DEPTH
                        The max commit depth to go back when searching for
                        secrets
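To make the --entropy and --regex/--rules options concrete, here is an added example (not truffleHog's own code) that models both checks over a constructed diff: long runs of base64 or hex characters are scored with Shannon entropy, and a rules document of the same {"rule name": "regex"} shape that --rules loads is matched against the diff. The character sets, the 20-character minimum run length and the 4.5 (base64) and 3.0 (hex) thresholds are assumed from the truffleHog v2 defaults; the rules, the diff and the AWS example credentials (taken from the AWS documentation) are constructed for the example.

```python
"""Added example modelling truffleHog's entropy and regex checks (not the tool's code)."""
import json
import math
import re

# Character sets the entropy check scans for (assumed truffleHog v2 defaults)
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "1234567890abcdefABCDEF"

# Minimum run length and per-charset entropy thresholds (assumed v2 defaults)
MIN_RUN_LENGTH = 20
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0

# Constructed rules document in the shape --rules expects: {"rule name": "regex"}
RULES_JSON = json.dumps({
    "AWS access key ID": r"AKIA[0-9A-Z]{16}",
    "Private key header": r"-----BEGIN (RSA|EC|DSA|OPENSSH) PRIVATE KEY-----",
})

# Constructed diff of one commit; the AWS values are the public AWS documentation examples
SAMPLE_DIFF = """\
+++ b/config.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+SESSION_ID = "0123456789abcdef0123456789abcdef"
+PLACEHOLDER = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+-----BEGIN RSA PRIVATE KEY-----
"""


def shannon_entropy(data, charset):
    """Shannon entropy in bits per symbol, counting only characters of charset."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in charset:
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def strings_of_set(word, charset, min_len=MIN_RUN_LENGTH):
    """Maximal runs of charset characters in word that are at least min_len long."""
    runs, current = [], ""
    for ch in word + "\x00":  # sentinel (never in a charset) flushes the last run
        if ch in charset:
            current += ch
            continue
        if len(current) >= min_len:
            runs.append(current)
        current = ""
    return runs


def entropy_findings(diff_text):
    """(reason, string) pairs for high-entropy base64 and hex runs in the diff."""
    findings = []
    for word in diff_text.split():
        for run in strings_of_set(word, BASE64_CHARS):
            if shannon_entropy(run, BASE64_CHARS) > BASE64_THRESHOLD:
                findings.append(("High entropy base64", run))
        for run in strings_of_set(word, HEX_CHARS):
            if shannon_entropy(run, HEX_CHARS) > HEX_THRESHOLD:
                findings.append(("High entropy hex", run))
    return findings


def load_rules(rules_json):
    """Compile a rules document of the --rules shape into name -> pattern."""
    return {name: re.compile(pat) for name, pat in json.loads(rules_json).items()}


def regex_findings(diff_text, rules):
    """(rule name, matched text) pairs for every rule hit in the diff."""
    return [(name, m.group(0)) for name, rx in rules.items() for m in rx.finditer(diff_text)]


def scan_diff(diff_text, rules_json=RULES_JSON, entropy=True, regex=True):
    """Run the enabled checks, mirroring the --entropy and --regex switches."""
    findings = []
    if entropy:
        findings += entropy_findings(diff_text)
    if regex:
        findings += regex_findings(diff_text, load_rules(rules_json))
    return findings


if __name__ == "__main__":
    for reason, found in scan_diff(SAMPLE_DIFF):
        print(f"{reason}: {found}")
```

Running it shows why both checks are worth enabling: the 40-character secret key scores about 4.66 bits per symbol and is caught by the entropy check, while the access key ID (about 3.7 bits) and the private-key header are too regular for the entropy check and are only found by the regex rules. The 32 repeated "A" characters score 0 and are ignored, and the all-hex session ID is reported once as hex (4.0 bits), below the stricter base64 threshold.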

Automation

Execute trufflehog against every repository of a person or company: download the GitHub page that lists their repositories, extract the repository links from it, and scan each one, writing one report file per repository.

trufflehog_all_repos.sh

#!/bin/bash
# Description: Execute trufflehog on all repositories for a company or person.
# Downloads the GitHub listing page, extracts every repository link from it and
# runs trufflehog against each repository, writing one report file per repository.

# If the wrong number of arguments was provided
if [ "$#" -ne 1 ]; then
    echo "Usage:"
    echo "./trufflehog_all_repos.sh URL"
    echo "Example:"
    echo "./trufflehog_all_repos.sh https://github.com/orgs/<company name>/repositories"
    echo "./trufflehog_all_repos.sh https://github.com/<someone>?tab=repositories"
    exit 1
fi

LISTING_URL="$1"
HTML_FILE="trufflehog_all_repos.html"

# Download the GitHub page containing all repositories; stop if the download fails
wget -O "$HTML_FILE" "$LISTING_URL" || { echo "Download of $LISTING_URL failed"; exit 1; }

# Repository links on the listing page carry the codeRepository attribute.
# GitHub paginates long listings, so run the script once per listing page if needed.
REPOSITORIES=$(grep codeRepository "$HTML_FILE" | awk -F 'href="' '{print $2}' | cut -d '"' -f 1)

echo "Repositories found from $LISTING_URL:"
echo "$REPOSITORIES"

for REPOSITORY in $REPOSITORIES; do
    # Repository path such as /org/repo becomes the report file trufflehog-org-repo.txt
    FILENAME="trufflehog$(echo "$REPOSITORY" | sed 's/\//-/g').txt"

    echo "Generating file ${FILENAME}..."
    echo "Repository: https://github.com${REPOSITORY}.git" > "./${FILENAME}"
    trufflehog "https://github.com${REPOSITORY}.git" >> "./${FILENAME}"
done

rm -f "$HTML_FILE"