Many tools exist to search a Git repository for potentially sensitive information. They differ in capability and in detection method: some match known credential formats with pattern signatures, some flag high-entropy strings, and some do both, so expect different results from each on the same repository.
Here is a curated list of the secret detection tools we've come across:
Name | URL | Installs Pre-Commit Hook? | Supported by watcher | Description |
---|---|---|---|---|
detect-secrets | https://github.com/Yelp/detect-secrets | ✅ | ✅ | An enterprise-friendly way of detecting and preventing secrets in code. |
git-secrets | https://github.com/awslabs/git-secrets | ✅ | ✅ | Prevents you from committing secrets and credentials into git repositories. |
Talisman | https://github.com/thoughtworks/talisman | ✅ | | Talisman validates the outgoing changeset for things that look suspicious using pre-push Git hooks. |
truffleHog | https://github.com/dxa4481/truffleHog | | | Searches through git repositories for high-entropy strings and secrets, digging deep into commit history. |
yar | https://github.com/Furduhlutur/yar | | | Yar is a tool for plunderin' organizations, users and/or repositories. |
repo-supervisor | https://github.com/auth0/repo-supervisor | | | Scan your code for security misconfiguration, search for passwords and secrets. 🔍 |
gitleaks | https://github.com/zricethezav/gitleaks | | | Audit git repos for secrets 🔑 |
gitrob | https://github.com/michenriksen/gitrob | | | Reconnaissance tool for GitHub organizations. |
repo-security-scanner | https://github.com/UKHomeOffice/repo-security-scanner | | | CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys. |
GitGot | https://github.com/BishopFox/GitGot | | | Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets. |
shhgit | https://github.com/eth0izzle/shhgit/ | | | Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. |
gitGraber | https://github.com/hisxo/gitGraber | | | Monitor GitHub to search and find sensitive data in real time for different online services. |
rusty-hog | https://github.com/newrelic/rusty-hog | | | A suite of secret scanners built in Rust for performance. Based on TruffleHog. |
Token-Hunter | https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter | | | Gather OSINT from GitLab groups and group members. Inspect GitLab assets for sensitive information like GitLab Personal Access Tokens, AWS Auth Tokens, Google API Keys, and much more. |
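To make the two detection approaches concrete (the pattern signatures that tools like git-secrets and detect-secrets rely on, and the entropy scoring that truffleHog introduced), here is a small added example written for this page; it is not code from any of the tools listed above. The signature regexes, the 20-character candidate length and the entropy thresholds are assumptions chosen for the example, and the sample file contents are constructed and contain no real credentials.

```python
"""Minimal secret scanner combining two detection methods:
signature regexes for known credential formats, and Shannon entropy
for opaque high-entropy strings. Added example, not any listed tool's code."""
import math
import re

# Assumed signature patterns, shaped after the providers' public key formats.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
# Candidate tokens for entropy scoring: runs of 20+ base64/hex characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")
# Thresholds in bits per character (assumed for this example; tune per repo).
HEX_THRESHOLD = 3.0
BASE64_THRESHOLD = 4.5


def shannon_entropy(data: str, charset: str) -> float:
    """Shannon entropy of `data` in bits/char, counting only chars in `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def scan_line(line: str) -> list:
    """Return (kind, value) findings for one line: signature hits first,
    then entropy hits that do not overlap an already-reported signature hit."""
    findings, covered = [], []
    for kind, pattern in SIGNATURES.items():
        for m in pattern.finditer(line):
            findings.append((kind, m.group(0)))
            covered.append(m.span())
    for m in TOKEN_RE.finditer(line):
        start, end = m.span()
        if any(start < c_end and end > c_start for c_start, c_end in covered):
            continue  # inside a signature match; do not report it twice
        tok = m.group(0)
        if all(c in HEX_CHARS for c in tok):
            if shannon_entropy(tok, HEX_CHARS) > HEX_THRESHOLD:
                findings.append(("high_entropy_hex", tok))
        elif shannon_entropy(tok, BASE64_CHARS) > BASE64_THRESHOLD:
            findings.append(("high_entropy_base64", tok))
    return findings


def scan_text(text: str) -> list:
    """Scan multi-line text; returns (line_number, kind, value) tuples."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, value in scan_line(line):
            results.append((lineno, kind, value))
    return results


# Constructed sample file contents; none of these are real credentials.
SAMPLE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
API_SECRET = "aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW"
PLACEHOLDER = "xxxxxxxxxxxxxxxxxxxxxxxx"
GITHUB_TOKEN = "ghp_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
PINNED_COMMIT = "0123456789abcdef0123456789abcdef01234567"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, kind, value in scan_text(SAMPLE):
        print(f"line {lineno}: {kind}: {value}")
```

Two behaviours are worth noticing when running it. The low-entropy placeholder on line 4 is correctly ignored even though it is long enough to be a candidate, while the pinned commit hash on line 6 is reported as a high-entropy hex string: a 40-character hex value scores close to the 4-bit maximum whether it is a secret or a git SHA. That false-positive class is exactly why entropy-based tools pair the check with signatures, baselines or allowlists, and why results differ between the tools in the table.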