Packages and Binaries:
trufflehog
This package contains a utitlity to search through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
Installed size: 154.62 MB
How to install: sudo apt install trufflehog
Dependencies:
- libc6
- libsqlite3-0
snifftest
root@kali:~# snifftest --help
usage: Snifftest [<flags>] <command> [<args> ...]
Test secret detectors against data sets.
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...]
Show help.
show-detectors
Shows the available detectors.
scan --repo=REPO [<flags>]
Scans data.
trufflehog
root@kali:~# trufflehog --help
usage: TruffleHog [<flags>] <command> [<args> ...]
TruffleHog is a tool for finding credentials.
Flags:
--help Show context-sensitive help (also try
--help-long and --help-man).
--debug Run in debug mode.
--trace Run in trace mode.
--profile Enables profiling and sets a pprof and fgprof
server on :18066.
-j, --json Output in JSON format.
--json-legacy Use the pre-v3.0 JSON format. Only works with
git, gitlab, and github sources.
--github-actions Output in GitHub Actions format.
--concurrency=8 Number of concurrent workers.
--no-verification Don't verify the results.
--only-verified Only output verified results.
--filter-unverified Only output first unverified result per
chunk per detector if there are more than one
results.
--config=CONFIG Path to configuration file.
--print-avg-detector-time Print the average time spent on each detector.
--no-update Don't check for updates.
--fail Exit with code 183 if results are found.
--verifier=VERIFIER ... Set custom verification endpoints.
--archive-max-size=ARCHIVE-MAX-SIZE
Maximum size of archive to scan. (Byte units
eg. 512B, 2KB, 4MB)
--archive-max-depth=ARCHIVE-MAX-DEPTH
Maximum depth of archive to scan.
--archive-timeout=ARCHIVE-TIMEOUT
Maximum time to spend extracting an archive.
--include-detectors="all" Comma separated list of detector types to
include. Protobuf name or IDs may be used,
as well as ranges.
--exclude-detectors=EXCLUDE-DETECTORS
Comma separated list of detector types to
exclude. Protobuf name or IDs may be used,
as well as ranges. IDs defined here take
precedence over the include list.
--version Show application version.
Commands:
help [<command>...]
Show help.
git [<flags>] <uri>
Find credentials in git repositories.
github [<flags>]
Find credentials in GitHub repositories.
gitlab --token=TOKEN [<flags>]
Find credentials in GitLab repositories.
filesystem [<flags>] [<path>...]
Find credentials in a filesystem.
s3 [<flags>]
Find credentials in S3 buckets.
gcs [<flags>]
Find credentials in GCS buckets.
syslog [<flags>]
Scan syslog
circleci --token=TOKEN
Scan CircleCI
docker --image=IMAGE
Scan Docker Image
trufflehog-generate
root@kali:~# trufflehog-generate --help
usage: generate [<flags>] <kind> <name>
Generate is used to write new features.
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Args:
<kind> Kind of thing to generate.
<name> Name of the Source/Detector to generate.
Updated on: 2023-Nov-20