TruffleHog
Find and verify leaked credentials
The Lens
TruffleHog finds leaked secrets in your code (API keys, passwords, tokens) and verifies whether they're actually live and valid. That's the key difference from other secret scanners. Instead of flagging every high-entropy string, TruffleHog checks if that AWS key still works, if that Slack token is active, if that database password connects.
AGPL v3, Go. Scans Git repos, GitHub/GitLab orgs, S3 buckets, Docker images, and filesystems. 800+ credential detectors with built-in verification. The CLI is fast and the output tells you exactly which secrets are verified-active vs. unverified.
The open source CLI is free under AGPL. TruffleSecurity offers an Enterprise platform with a dashboard, API, team management, and continuous monitoring. Pricing is custom. For solo developers and small teams: the CLI is everything you need. Run it on your repos, pipe it into CI, done. Medium teams: the CLI still works, but the Enterprise dashboard adds visibility. Large teams: Enterprise for org-wide scanning and compliance reporting.
The catch: AGPL license. If you're building a product that incorporates TruffleHog, the copyleft terms require you to open source your code. For internal use it doesn't matter, but SaaS products need to be careful. Also, verification means TruffleHog actually attempts to authenticate with found credentials. In rare cases, this could trigger rate limits or account lockouts on the service being tested.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
Free vs Self-Hosted vs Paid
open core### Free Tier Open source CLI under AGPL v3. All 800+ detectors, verification, Git/GitHub/S3 scanning. Free. No feature restrictions on the CLI itself.
### Paid (Enterprise) TruffleSecurity Enterprise: dashboard, API, continuous monitoring, team management, compliance reporting. Pricing is custom; contact for quotes. Targeted at security teams managing large organizations.
### Self-Hosted Costs The CLI is a single binary. Zero infrastructure cost beyond your CI runner. Org-wide scans of large GitHub organizations take compute time but no special infrastructure.
### When to Pay Pay for Enterprise when you need a centralized dashboard, continuous scanning across 100+ repos, or compliance audit trails. The CLI handles individual repo scanning at any scale.
CLI is free and powerful. Enterprise for centralized dashboards and compliance at org scale.
Similar Tools
About
- Stars
- 26,116
- Forks
- 2,375
Explore Further
More tools in the directory
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
370.3k ★claw-code
The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.
190.9k ★n8n
Fair-code workflow automation with native AI capabilities
187.3k ★