trufflehog
all
Find and verify credentials in files, Git repositories, S3 buckets, and Docker images.
More info →Examples (8)
Scan a Git repository for verified secrets
trufflehog git https://github.com/trufflesecurity/test_keys --only-verifiedScan a GitHub organization for verified secrets
trufflehog github --org trufflesecurity --only-verifiedScan a GitHub repository for verified keys and get JSON output
trufflehog git https://github.com/trufflesecurity/test_keys --only-verified --jsonScan a GitHub repository along with its Issues and Pull Requests
trufflehog github --repo https://github.com/trufflesecurity/test_keys --issue-comments --pr-commentsScan an S3 bucket for verified keys
trufflehog s3 --bucket bucket name --only-verifiedScan S3 buckets using IAM Roles
trufflehog s3 --role-arn iam-role-arnScan individual files or directories
trufflehog filesystem path/to/file_or_directory1 path/to/file_or_directory2 ...Scan a Docker image for verified secrets
trufflehog docker --image trufflesecurity/secrets --only-verifiedmade by @shridhargupta | data from tldr-pages