Packages and Binaries:


This package contains a utitlity to search through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

Installed size: 154.62 MB
How to install: sudo apt install trufflehog

  • libc6
  • libsqlite3-0
root@kali:~# snifftest --help
usage: Snifftest [<flags>] <command> [<args> ...]

Test secret detectors against data sets.

  --help  Show context-sensitive help (also try --help-long and --help-man).

help [<command>...]
    Show help.

    Shows the available detectors.

scan --repo=REPO [<flags>]
    Scans data.

root@kali:~# trufflehog --help
usage: TruffleHog [<flags>] <command> [<args> ...]

TruffleHog is a tool for finding credentials.

      --help                     Show context-sensitive help (also try
                                 --help-long and --help-man).
      --debug                    Run in debug mode.
      --trace                    Run in trace mode.
      --profile                  Enables profiling and sets a pprof and fgprof
                                 server on :18066.
  -j, --json                     Output in JSON format.
      --json-legacy              Use the pre-v3.0 JSON format. Only works with
                                 git, gitlab, and github sources.
      --github-actions           Output in GitHub Actions format.
      --concurrency=8            Number of concurrent workers.
      --no-verification          Don't verify the results.
      --only-verified            Only output verified results.
      --filter-unverified        Only output first unverified result per
                                 chunk per detector if there are more than one
      --config=CONFIG            Path to configuration file.
      --print-avg-detector-time  Print the average time spent on each detector.
      --no-update                Don't check for updates.
      --fail                     Exit with code 183 if results are found.
      --verifier=VERIFIER ...    Set custom verification endpoints.
                                 Maximum size of archive to scan. (Byte units
                                 eg. 512B, 2KB, 4MB)
                                 Maximum depth of archive to scan.
                                 Maximum time to spend extracting an archive.
      --include-detectors="all"  Comma separated list of detector types to
                                 include. Protobuf name or IDs may be used,
                                 as well as ranges.
                                 Comma separated list of detector types to
                                 exclude. Protobuf name or IDs may be used,
                                 as well as ranges. IDs defined here take
                                 precedence over the include list.
      --version                  Show application version.

help [<command>...]
    Show help.

git [<flags>] <uri>
    Find credentials in git repositories.

github [<flags>]
    Find credentials in GitHub repositories.

gitlab --token=TOKEN [<flags>]
    Find credentials in GitLab repositories.

filesystem [<flags>] [<path>...]
    Find credentials in a filesystem.

s3 [<flags>]
    Find credentials in S3 buckets.

gcs [<flags>]
    Find credentials in GCS buckets.

syslog [<flags>]
    Scan syslog

circleci --token=TOKEN
    Scan CircleCI

docker --image=IMAGE
    Scan Docker Image

root@kali:~# trufflehog-generate --help
usage: generate [<flags>] <kind> <name>

Generate is used to write new features.

  --help  Show context-sensitive help (also try --help-long and --help-man).

  <kind>  Kind of thing to generate.
  <name>  Name of the Source/Detector to generate.

Updated on: 2023-Nov-20