TruffleHog (Python Library)

2.2.1 · abandoned · verified Thu Apr 16

TruffleHog is an older Python library, version 2.2.1, designed to scan git repositories for sensitive information like high entropy strings and secrets by analyzing commit history. It was last released on PyPI in 2017 (with a re-upload of the same version in 2021) and is largely unmaintained, primarily supporting Python 2 environments. The project's active development shifted to a separate Go-based implementation (TruffleHog v3.x by Truffle Security), which is not this Python library.

Quickstart

This quickstart shows how to call the `truffleHog` Python library directly to scan a Git repository for secrets. `find_strings` is the primary entry point: it walks the commit history and runs the entropy check and, optionally, the built-in regex rules over each diff, with keyword parameters controlling scan depth, output and which checks run. The `repo_path` you pass must be an existing local clone (a directory containing a `.git` folder); the library does not run, let alone produce meaningful results, against anything else.

import os
import sys
import json
import shutil
from truffleHog import truffleHog

# NOTE: This Python library (v2.2.1) is largely unmaintained.
# For active development and modern features, consider the Go-based TruffleHog CLI.
# This quickstart demonstrates the API for the Python 2.2.1 version.

# find_strings() either clones the repository named by its first positional
# argument (git_url) or, when repo_path is given, scans an existing local clone.
# Point TRUFFLEHOG_REPO_PATH at a real clone: a plain directory without a .git
# folder makes GitPython raise InvalidGitRepositoryError rather than return
# an empty result.
repo_path = os.environ.get('TRUFFLEHOG_REPO_PATH', '/tmp/trufflehog_test_repo')

if not os.path.isdir(os.path.join(repo_path, '.git')):
    print(f"Error: '{repo_path}' is not a git repository.")
    print("Clone one first, e.g. git clone https://github.com/dxa4481/truffleHog.git "
          f"{repo_path}, or set TRUFFLEHOG_REPO_PATH to an existing clone.")
    sys.exit(1)

print(f"Scanning repository: {repo_path}")

# Signature in 2.2.1 (note the library's own spelling of surpress_output):
#   find_strings(git_url, since_commit=None, max_depth=1000000, printJson=False,
#                do_regex=False, do_entropy=True, surpress_output=True,
#                custom_regexes={}, branch=None, repo_path=None,
#                path_inclusions=None, path_exclusions=None, allow={})
# git_url is positional and required even when repo_path is used; passing None
# skips the clone.
output = truffleHog.find_strings(
    None,
    since_commit=None,      # or a commit hash: only commits after it are scanned
    max_depth=1000000,      # how many commits back in history to walk
    printJson=False,        # True prints each finding as JSON to stdout
    do_regex=True,          # built-in regex rules (AWS keys, private keys, ...)
    do_entropy=True,        # high-entropy string check
    surpress_output=True,   # keep the library from printing its own report
    repo_path=repo_path,
)

# The return value is a dict. output["foundIssues"] lists the paths of JSON
# files (one per finding) written under output["issues_path"]; each file holds
# the commit hash, date, branch, file path, reason (regex rule name or
# "High Entropy") and the matched strings.
issues = output.get("foundIssues", [])
if issues:
    print(f"\nFound {len(issues)} potential secret(s):")
    for issue_file in issues:
        with open(issue_file) as fh:
            issue = json.load(fh)
        print(f"{issue['commitHash'][:8]} {issue['path']} ({issue['reason']}): "
              f"{issue['stringsFound']}")
else:
    print("\nNo secrets found.")

# The per-finding JSON files live in a temporary directory; remove them when done.
issues_path = output.get("issues_path")
if issues_path and os.path.isdir(issues_path):
    shutil.rmtree(issues_path)
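To make the entropy check concrete, here is an added illustration (not part of this quickstart and not truffleHog's own code) that reconstructs the heuristic the library applies to each diff: split the text into words, pull out runs of at least 20 base64 or hex characters, and flag a run whose Shannon entropy exceeds 4.5 bits/char (base64) or 3.0 bits/char (hex). The character sets and thresholds mirror truffleHog 2.x's entropy pass; the sample diff is constructed.

```python
import math

# Charsets and thresholds mirror truffleHog 2.x's entropy pass; the functions
# below are a reconstruction for illustration, not the library's code.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "1234567890abcdefABCDEF"
BASE64_THRESHOLD = 4.5   # bits per character
HEX_THRESHOLD = 3.0

def shannon_entropy(data, charset):
    """Shannon entropy of `data` in bits/char, counting only chars in `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in charset:
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy

def runs_of_set(word, charset, min_len=20):  # runs shorter than 20 are skipped
    runs, current = [], ""
    for ch in word + "\0":  # the sentinel flushes the final run
        if ch in charset:
            current += ch
            continue
        if len(current) >= min_len:
            runs.append(current)
        current = ""
    return runs

def high_entropy_strings(diff_text):  # substrings that trip either threshold
    found = []
    for word in diff_text.split():
        for run in runs_of_set(word, BASE64_CHARS):
            if shannon_entropy(run, BASE64_CHARS) > BASE64_THRESHOLD:
                found.append(run)
        for run in runs_of_set(word, HEX_CHARS):
            if shannon_entropy(run, HEX_CHARS) > HEX_THRESHOLD:
                found.append(run)
    return found

# Constructed sample diff: a hex-looking token, a base64-looking token, a long
# but repetitive placeholder, and ordinary code. Only the first two are flagged.
SAMPLE_DIFF = """
+API_KEY = "0123456789abcdef0123456789abcdef01234567"
+token = "aB3dE5fG7hI9jK1lM3nO5pQ7rS9tU1vW3xY5zA7b"
+PLACEHOLDER = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+def authenticate_the_user_with_the_session_cookie(request):
+    return request.cookies.get("session") is not None
"""
```

The placeholder line shows why length alone is not enough: forty identical characters have zero entropy and are ignored, which is also why low-entropy secrets such as passphrases slip past this pass and need the regex rules instead.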
