TruffleHog
Secrets discovery, classification, and live-verification tool with 700+ detectors, usable by agents to find leaked credentials.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for TruffleHog, derived from its capabilities.
AIVSS 8.7 · High
Overview
TruffleHog finds, verifies, and analyzes leaked credentials across git, chats, wikis, logs, object stores, and filesystems using 700+ verified detectors that make live API calls to confirm whether a secret is still valid. As agent tooling, it lets an assistant scan repos and their history for exposed credentials before they are abused. Because it reads source and makes live verification calls, it is a sensitive scanning surface.
Key features
- 700+ verified secret detectors
- Live credential validation
- Scans git, chats, logs, object stores, filesystems
Use cases
- Scan a repo and history for live secrets
- Verify whether a leaked credential is still active