Byte-Sized OSINT Tip: Trufflehog

Trufflehog is an incredible tool for discovering ‘secrets’ in all sorts of codebases. Secrets come in many forms, but none of them should be present in code repositories. They include, but are not limited to:
- Usernames/passwords
- AWS/GCP/Azure/cloud access keys
- GitHub/GitLab access keys
Trufflehog can scan a variety of code repositories and objects. They include, but are not limited to:
- GitHub (repositories and organizations)
- GitLab
- Docker
- AWS S3 buckets
- GCS buckets
You can use Trufflehog on any operating system: it has an official Docker container and a Homebrew package, and you can build it from source on any system that has Go installed.
Once you install trufflehog, there are many options for how to use the tool. You can explore these as follows:
# get basic information about trufflehog
trufflehog help
# get information about each scanning option
trufflehog $OPTION --help
Trufflehog has many common use cases that can assist in the OSINT process. Explore some of the ones listed below (or others that you discover) on your own code or on code that you are authorized to test! Then find a way to integrate the tool into your regular OSINT process.
# scan a git repository for secrets and verify them
trufflehog git https://github.com/trufflesecurity/test_keys --only-verified
# scan a GitHub organization for verified secrets
trufflehog github --org=trufflesecurity --only-verified
# scan an AWS S3 bucket for verified keys
trufflehog s3 --bucket=<bucket name> --only-verified
# scan a gcs bucket for secrets
trufflehog gcs --project-id=<project-ID> --cloud-environment --only-verified
# scan a local file/directory
trufflehog filesystem path/to/file1.txt path/to/file2.txt path/to/dir
# scan a Docker image for secrets
trufflehog docker --image trufflesecurity/secrets --only-verified
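To make concrete what a secret scanner such as Trufflehog does under the hood, here is an added Python example (not code from the Trufflehog project or from the author of this post): it combines provider-specific token patterns with a keyword-plus-entropy heuristic for generic credentials, walks a constructed sample repository, and reports redacted findings. The three patterns, the 4.0-bit entropy cut-off, and the sample files are assumptions made for illustration; AKIAIOSFODNN7EXAMPLE is the placeholder access key ID used in AWS's own documentation. Trufflehog's --only-verified step, which checks each candidate against the issuing provider, is not reproduced here.

```python
from __future__ import annotations

import math
import os
import re
import tempfile
from collections import Counter
from dataclasses import dataclass

# Constructed, illustrative detector patterns (assumed for this example; Trufflehog
# ships hundreds of detectors). They show the two techniques a scanner combines:
# provider-specific token formats, and keyword-plus-high-entropy heuristics.
PATTERNS = {
    "AWS Access Key ID": re.compile(r"\b(?P<secret>(?:AKIA|ASIA)[A-Z0-9]{16})\b"),
    "GitHub Token": re.compile(r"\b(?P<secret>gh[pousr]_[A-Za-z0-9]{36})\b"),
    "Generic credential assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|password|token)\s*[:=]\s*['\"]?"
        r"(?P<secret>[A-Za-z0-9+/=_\-]{16,})"
    ),
}
ENTROPY_THRESHOLD = 4.0  # assumed cut-off, applied to the generic detector only


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    detector: str
    redacted: str  # scanner output never carries the full secret


def shannon_entropy(s: str) -> float:
    """Bits per character: random base64/hex scores high, English words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(token: str) -> str:
    """Keep just enough of the value to locate it in the file."""
    if len(token) <= 8:
        return "*" * len(token)
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


def scan_text(text: str, path: str) -> list[Finding]:
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for detector, pattern in PATTERNS.items():  # specific detectors run first
            for m in pattern.finditer(line):
                token = m.group("secret")
                if (line_no, token) in seen:
                    continue  # already attributed to a more specific detector
                if detector.startswith("Generic") and shannon_entropy(token) < ENTROPY_THRESHOLD:
                    continue  # placeholders such as your_password_here are low entropy
                seen.add((line_no, token))
                findings.append(Finding(path, line_no, detector, redact(token)))
    return findings


def scan_path(root: str) -> list[Finding]:
    findings: list[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="ignore") as fh:
                findings.extend(scan_text(fh.read(), rel))
    return findings


# Constructed sample repository. AKIAIOSFODNN7EXAMPLE is the placeholder key ID from
# AWS's documentation; the GitHub token and API key values are made up for this example.
SAMPLE_FILES = {
    "config/settings.py": (
        "DEBUG = True\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "DB_PASSWORD = 'your_password_here'\n"
    ),
    ".env": (
        "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"
        "API_KEY=Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA==\n"
    ),
    "README.md": "Set PASSWORD=<your password> before running.\n",
}


def demo() -> list[Finding]:
    """Write the sample repository to a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(content)
        return scan_path(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.line_no}  {f.detector}  {f.redacted}")
```

Run it directly to see the three findings. The low-entropy placeholder in settings.py and the angle-bracket hint in README.md are deliberately not reported: that is the noise a pattern-only scanner produces, and it is why Trufflehog's verification step, which confirms a candidate with the provider before reporting it, is worth enabling in practice.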
Resources
To learn more about trufflehog, please visit their GitHub repository where the program can be downloaded at https://github.com/trufflesecurity/trufflehog. The example commands are from the README in this repository and all credit for these commands and the trufflehog program goes to the developers at trufflehog.
About the Author:
Megan Howell (CyberQueenMeg) is a cybersecurity student at Grand Canyon University and an Offensive Security Intern at Cisco Systems. She is a bug bounty hunter, has been featured in Forbes Magazine for her work in AI bias hunting, is an open-source contributor to projects such as BeEF and BlackArch Linux, a former DEF CON speaker, a SkillsUSA Cybersecurity national competitor, a National Cyber Scholar, and a CyberPatriot competitor. You can find her social media profiles at linktr.ee/cyberqueenmeg.
DISCLAIMER
The information presented above can be used for both beneficial and malicious purposes. I do not condone or endorse the use of this information for malicious purposes and will fully support the prosecution of those who use the information presented above in a manner that violates the law. You are only authorized to utilize this information on your own systems or on systems you are explicitly authorized to penetration test or perform bug bounties on. If you use this exploit in a malicious manner, you will be charged and prosecuted to the full extent of the laws surrounding unethical hacking and cyber crime.