TruffleHog is a tool that can hunt down high-entropy encryption keys that may have been accidentally committed to git repositories.
People make mistakes and sometimes private encryption keys are accidentally committed to public git repositories like GitHub. It’s a pretty common problem.
A security researcher has now released a tool that can scan git repositories to find encryption keys that contain high-entropy. This tool can be helpful for IT administrators who want to ensure there aren’t any private keys floating around in public git repos that could potentially expose their networks and sensitive data. Mind you, there’s nothing stopping hackers from using TruffleHog to find and exploit these keys either.
Here’s how it works:
“This module will go through the entire commit history of each branch, and check each diff from each commit, and evaluate the Shannon entropy for both the base64 char set and hexidecimal character set for every blob of text greater than 20 characters comprised of those character sets in each diff.”
If a high entropy string greater than 20 characters is detected, it will print to the screen.
TruffleHog requires GiPython, a python library used to interact with git repositories, to work. You can get TruffleHog on the GitHub page here.