Find leaked credentials.
--- [![CI Status](https://github.com/trufflesecurity/trufflehog2/workflows/release/badge.svg)](https://github.com/trufflesecurity/trufflehog2/actions) [![Go Report Card](https://goreportcard.com/badge/github.com/trufflesecurity/trufflehog2)](https://goreportcard.com/report/github.com/trufflesecurity/trufflehog2) [![Docker Hub Build Status](https://img.shields.io/docker/cloud/build/trufflesecurity/trufflehog2.svg)](https://hub.docker.com/r/trufflesecurity/trufflehog2/) ![GitHub](https://img.shields.io/github/license/trufflesecurity/trufflehog2) --- ## Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/shared_invite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ ## Demo ![Stargazers over time](https://storage.googleapis.com/truffle-demos/non-interactive.svg) ## Installation Several options: ### 1. Go `go install github.com/trufflesecurity/trufflehog2.git@latest` ### 2. [Release binaries](https://github.com/trufflesecurity/trufflehog2/releases) ### 3. Docker > Note: Apple M1 hardware users should run with `docker run --platform linux/arm64` for better performance. #### **Most users** ```bash docker run -it -v "$PWD:/pwd" ghcr.io/trufflesecurity/trufflehog2:latest github --repo https://github.com/trufflesecurity/test_keys --debug ``` #### **Apple M1 users** The `linux/arm64` image is better to run on the M1 than the amd64 image. Even better is running the native darwin binary avilable, but there is not container image for that. ```bash docker run --platform linux/arm64 -it -v "$PWD:/pwd" ghcr.io/trufflesecurity/trufflehog2:latest github --repo https://github.com/trufflesecurity/test_keys ``` ### 4. Pip (help wanted) It's possible to distribute binaries in pip wheels. Here is an example of a [project that does it](https://github.com/Yelp/dumb-init). Help with setting up this packaging would be appreciated! ### 5. Brew (help wanted) We'd love to distribute via brew and could use your help. ## Usage TruffleHog has a sub-command for each source of data that you may want to scan: - git - github - gitlab - S3 - filesystem - file and stdin Each subcommand can have options that you can see with the `-h` flag provided to the sub command: ``` $ trufflehog git --help usage: TruffleHog git [