TruffleHog
Secrets discovery, classification, and live-verification tool with 700+ detectors, usable by agents to find leaked credentials.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for TruffleHog, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
TruffleHog finds, verifies, and analyzes leaked credentials across git, chats, wikis, logs, object stores, and filesystems using 700+ verified detectors that make live API calls to confirm whether a secret is still valid. As agent tooling, it lets an assistant scan repos and their history for exposed credentials before they are abused. Because it makes live verification calls and reads source, it is a sensitive scanning surface.
Key features
- 700+ verified secret detectors
- Live credential validation
- Scans git, chats, logs, object stores, filesystems
Use cases
- Scan a repo and history for live secrets
- Verify whether a leaked credential is still active