Find, verify, and analyze leaked credentials

Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.

Private key usage verification

No description available

Secret and/or credential patterns used for gf.

Yar is a tool for plunderin' organizations, users and/or repositories.

These are the regexes that power truffleHog

Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets

Browser extension that leverages TruffleHog and Native Messaging Hosts to scan web traffic in real-time for exposed secrets

Find secrets in your codebase

truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.

An open-source collection of API key rotation tutorials.

Find secrets in git repositories with TruffleHog & Gitleaks

Hunt for AI coding artifacts containing secrets.

TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog.

convert secret patterns to gf compatible.

A powerful Burp Suite extension that automatically detects JavaScript URLs from HTTP traffic, scans them using TruffleHog for secrets detection, and sends findings to Discord webhooks in real-time.

Automated GitHub secret scanning with smart alerting & monitoring.

layerleak the Docker Hub Secret Scanner

Scan repository for secrets with basic defaults in place for easy setup.

A simple web viewer for TruffleHog JSON output.

A powerful containerized tool that automatically downloads, extracts, and scans packages from PyPI and npm for embedded secrets, API keys, tokens, and other sensitive information using TruffleHog.

Find exposed credentials using GitHub Actions with TruffleHog Enterprise.

String-based secret-searching tool (high entropy and regexes) based on truffleHog

Multithreading search through Bitbucket git repositories for sensitive data (see TruffleHog/regexChecks.py), digging deep into commit history, branches and filenames.

Open Source ASPM Platform

HTTP proxy that uses trufflehog's engine to find secrets