This is an enhanced version of the truffleHog scanner.
TruffleHog 2.x is not backwards compatible with the 1.x branch; see the new trufflehog.yaml and Help.
- Python 3.6
- flake8 compliant code
- output to file in different formats: text, JSON, YAML, HTML
- option to disable Git history checks - scan simple files/directories
- option to exclude files/directories, see trufflehog.yaml
- config file support with automatic detection in source code directory
The package is available on PyPI:

    pip install truffleHog3

The list of default regexes was moved into the repository; see rules.yaml.

    usage: trufflehog3 [options] source

    Find secrets in your codebase.

    positional arguments:
      source             URLs or paths to local folders for secret searching

    optional arguments:
      -h, --help         show this help message and exit
      -v, --verbose      enable verbose logging {-v, -vv, -vvv}
      -c, --config       path to config file
      -o, --output       write report to file
      -f, --format       output format {text, json, yaml, html}
      -r, --rules        ignore default regexes and source from file
      -R, --render-html  render HTML report from JSON or YAML
      --branch           name of the repository branch to be scanned
      --since-commit     scan starting from a given commit hash
      --skip-strings     skip matching strings
      --skip-paths       skip paths matching regex
      --max-depth        max commit depth for searching
      --no-regex         disable high signal regex checks
      --no-entropy       disable entropy checks
      --no-history       disable commit history check
      --no-current       disable current status check

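The --no-regex, --no-entropy and --skip-paths options above switch off two kinds of check and filter paths. The sketch below is an added example, not truffleHog3's own code, showing what each switch removes from a scan of in-memory files. Assumptions: a single rule (AWS access key ID), entropy limits of 4.5 (base64) and 3.0 (hex) on runs of at least 20 characters, regex search semantics for skipped paths, and the hypothetical names `scan`, `runs` and `shannon`.

```python
import math
import re

# Assumed rule and thresholds for illustration; not read from truffleHog3's rules.yaml.
RULES = {"AWS access key ID": re.compile(r"AKIA[0-9A-Z]{16}")}
BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX = "0123456789abcdefABCDEF"
MIN_LEN, B64_LIMIT, HEX_LIMIT = 20, 4.5, 3.0

# Constructed sample input: AWS's documentation example key ID and a made-up token.
SAMPLE = {
    "app/settings.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
                       'TOKEN = "q9Zr4Lx0Vb7Kp2Hs8Td3Wm6Yc1Nf5Gj0"\nDEBUG = True\n',
    "tests/fixtures/keys.txt": "AKIAIOSFODNN7EXAMPLE\n",
}


def shannon(s):
    """Shannon entropy of s in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def runs(word, charset):
    """Maximal substrings of word drawn only from charset, at least MIN_LEN long."""
    pattern = "[%s]{%d,}" % (re.escape(charset), MIN_LEN)
    return re.findall(pattern, word)


def scan(files, skip_paths=(), regex=True, entropy=True):
    """files maps path -> text. Returns sorted (path, line number, reason) findings."""
    skip = [re.compile(p) for p in skip_paths]
    found = set()
    for path, text in files.items():
        if any(p.search(path) for p in skip):
            continue  # excluded path: neither check runs
        for no, line in enumerate(text.splitlines(), 1):
            if regex:  # high-signal check: known key formats
                for name, rx in RULES.items():
                    if rx.search(line):
                        found.add((path, no, name))
            if entropy:  # format-agnostic check: random-looking strings
                for word in line.split():
                    for cs, limit, label in ((BASE64, B64_LIMIT, "base64"), (HEX, HEX_LIMIT, "hex")):
                        if any(shannon(r) > limit for r in runs(word, cs)):
                            found.add((path, no, "high entropy (%s)" % label))
    return sorted(found)
```

On this sample the example key ID is caught only by the regex rule (its entropy is about 3.68 bits per character, below the assumed limit), while the random token is caught only by the entropy check, so disabling either check drops a different finding.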
Special thanks to Dylan Ayrey (@dxa4481), developer of the original truffleHog scanner.