Reduce costly production bugs

Self-Hosted AI Code Reviewer

Hexmos LiveReview AI-Powered Code Review
Live Review
AI-Powered Code Review

Find Secrets with TruffleHog - Scan Git Repos | Online Free DevTools by Hexmos

Find secrets with TruffleHog, a powerful secret scanner for code repositories. Identify exposed credentials and sensitive data. Free online tool, no registration required.

trufflehog

Find and verify credentials in files, Git repositories, S3 buckets, and Docker images. More information: https://github.com/trufflesecurity/trufflehog.

  • Scan a Git repository for verified secrets:

trufflehog git {{https://github.com/trufflesecurity/test_keys}} --only-verified

  • Scan a GitHub organization for verified secrets:

trufflehog github --org {{trufflesecurity}} --only-verified

  • Scan a GitHub repository for verified keys and get JSON output:

trufflehog git {{https://github.com/trufflesecurity/test_keys}} --only-verified --json

  • Scan a GitHub repository along with its Issues and Pull Requests:

trufflehog github --repo {{https://github.com/trufflesecurity/test_keys}} --issue-comments --pr-comments

  • Scan an S3 bucket for verified keys:

trufflehog s3 --bucket {{bucket name}} --only-verified

  • Scan S3 buckets using IAM Roles:

trufflehog s3 --role-arn {{iam-role-arn}}

  • Scan individual files or directories:

trufflehog filesystem {{path/to/file_or_directory1 path/to/file_or_directory2 ...}}

  • Scan a Docker image for verified secrets:

trufflehog docker --image {{trufflesecurity/secrets}} --only-verified

See Also
← Back to common commands tldr 🙏  Credits & Acknowledgments