• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

truffleHog – Search Git for High Entropy Strings with Commit History

December 2, 2019

Views: 8,802

truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

truffleHog - Search Git for High Entropy Strings with Commit History

truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to surpress entropy checking has also been added.

1
truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git

or

1
truffleHog file:///user/dxa4481/codeprojects/truffleHog/

truffleHog will go through the entire commit history of each branch, and check each diff from each commit, and check for secrets. This is both by regex and by entropy. For entropy checks, it will evaluate the shannon entropy for both the base64 charset and hexidecimal charset for every blob of text greater than 20 characters comprised of those character sets in each diff. If at any point a high entropy string >20 characters is detected, it will print to the screen.

Using truffleHog to Search Git for High Entropy Strings

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
usage: trufflehog [-h] [--json] [--regex] [--rules RULES]
                  [--entropy DO_ENTROPY] [--since_commit SINCE_COMMIT]
                  [--max_depth MAX_DEPTH]
                  git_url
 
Find secrets hidden in the depths of git.
 
positional arguments:
  git_url               URL for secret searching
 
optional arguments:
  -h, --help            show this help message and exit
  --json                Output in JSON
  --regex               Enable high signal regex checks
  --rules RULES         Ignore default regexes and source from json list file
  --entropy DO_ENTROPY  Enable entropy checks
  --since_commit SINCE_COMMIT
                        Only scan from a given commit hash
  --max_depth MAX_DEPTH
                        The max commit depth to go back when searching for
                        secrets
  -i INCLUDE_PATHS_FILE, --include_paths INCLUDE_PATHS_FILE
                        File with regular expressions (one per line), at least
                        one of which must match a Git object path in order for
                        it to be scanned; lines starting with "#" are treated
                        as comments and are ignored. If empty or not provided
                        (default), all Git object paths are included unless
                        otherwise excluded via the --exclude_paths option.
  -x EXCLUDE_PATHS_FILE, --exclude_paths EXCLUDE_PATHS_FILE
                        File with regular expressions (one per line), none of
                        which may match a Git object path in order for it to
                        be scanned; lines starting with "#" are treated as
                        comments and are ignored. If empty or not provided
                        (default), no Git object paths are excluded unless
                        effectively excluded via the --include_paths option.

You can download truffleHog here:

truffleHog-dev.zip

Or read more here.

Related Posts:

  • An Introduction To Web Application Security Systems
  • Signal Messaging App Formal Audit Results Are Good
  • Understanding the Deep Web, Dark Web, and Darknet…
  • testssl.sh - Test SSL Security Including Ciphers,…
  • Github Dorks - Github Security Scanning Tool
  • GitMiner - Advanced Tool For Mining Github
Share
Tweet48
Share
Buffer28
WhatsApp
Email
76 Shares

Filed Under: Hacking Tools Tagged With: github



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

TREVORspray - Credential Spray Toolkit for Azure, Okta, OWA & More

TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Views: 283

TREVORspray is a purpose-built password spraying utility designed for red teams and offensive … ...More about TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Force Push Scanner - Hunt GitHub Dangling Commits for Leaked Secrets

Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Views: 323

Force Push Scanner is an offensive security tool that identifies secrets inadvertently left in … ...More about Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Views: 3,955

Darknet marketplaces remain central to illicit trade in 2025, with evolving business models, payment … ...More about Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Caracal - Rust eBPF Rootkit for Stealthy Post-Exploitation

Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Views: 500

Caracal is a new Rust-based eBPF (extended Berkeley Packet Filter) rootkit that provides a stealth … ...More about Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Windows_EndPoint_Audit - Endpoint Security Auditing Toolkit

Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Views: 557

Windows_EndPoint_Audit from ITAuditMaverick introduces a powerful method for offensive security … ...More about Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Malvertising and TDS Cloaking Tactics Uncovered

Malvertising and TDS Cloaking Tactics Uncovered

Views: 389

As digital advertising continues to be exploited by malicious actors, malvertising and Traffic … ...More about Malvertising and TDS Cloaking Tactics Uncovered

Topics

  • Advertorial (28)
  • Apple (46)
  • Cloud Security (2)
  • Countermeasures (231)
  • Cryptography (84)
  • Dark Web (1)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (432)
  • Forensics (65)
  • GenAI (4)
  • Hacker Culture (9)
  • Hacking News (230)
  • Hacking Tools (688)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (240)
  • Networking Hacking Tools (353)
  • Password Cracking Tools (105)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (119)
  • Security Software (236)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (170)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker Hacker – Download brutus-aet2.zip AET2 (2,332,914)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,352)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,838)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,811)
  • Password List Download Best Word List – Most Common Passwords (933,799)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,470)
  • Hack Tools/Exploits (673,472)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,458)

Search

Recent Posts

  • TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More July 14, 2025
  • Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets July 11, 2025
  • Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends July 9, 2025
  • Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation July 7, 2025
  • Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit July 4, 2025
  • Malvertising and TDS Cloaking Tactics Uncovered July 2, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy