Tools and Features that can be Used to Detect Sensitive Data Leaks from Github — Part 2


truffleHog is a tool that finds sensitive information accidentally committed to a repository, including secrets that survive only in intermediate commits, by digging through the commit history and branches. Every branch's commit history is checked, and the commit depth can be increased with a parameter. Since it works on a URL (repository) basis, it belongs to the target-specific tools.


By giving it a clonable repository link or a user's repository link, usernames, passwords and e-mail addresses present in the repo can be detected. It detects passwords with a good success rate, including ones that had not come up as alerts at SOCRadar. To use it effectively, the repositories of the company's employees need to be identified first.

Github Dorks

python -u → with the -u parameter, all repositories belonging to the company or to an employee can be specified by giving the name of the account under which the company's repositories live.

Repo Scanner

Reposcanner is a Python script that searches through the commit history of Git repositories for interesting strings such as API keys; it was inspired by truffleHog.
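The commit-history scanning that both truffleHog and reposcanner perform, shown as an added example that is not code from either project: the script walks `git log -p` output (or any unified-diff text), looks only at lines added by a commit, and flags matches of a few credential regexes plus tokens whose Shannon entropy is high. The regexes, the `scan_diff_text`/`scan_repo` function names and the sample diff are constructed for this example; the entropy thresholds are assumed values in the range entropy-based scanners such as truffleHog use, not a published specification.

```python
"""Commit-history secret scanner in the style of truffleHog / reposcanner.
Added example, not the original tools' code. Walks `git log -p` output
(or any unified-diff text) and flags added lines that contain either a
known credential pattern or a high-entropy token."""
import math
import re
import subprocess
from collections import Counter

# Regexes for common credential shapes (constructed for this example).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # group 1 captures the value so the finding reports the secret, not the label
    "generic_password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/=]{20,}")
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{32,}\b")
ENTROPY_THRESHOLD_B64 = 4.5   # assumed thresholds, typical for entropy-based scanners
ENTROPY_THRESHOLD_HEX = 3.0


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_diff_text(diff_text):
    """Return findings from unified-diff text. Only '+' lines (content added
    in the commit) are examined; the '+++ b/file' diff headers are skipped."""
    findings = []
    commit = None
    for line in diff_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]          # remember which commit we are in
            continue
        if not line.startswith("+") or line.startswith("+++"):
            continue
        content = line[1:]
        for name, rx in PATTERNS.items():
            for m in rx.finditer(content):
                findings.append({"commit": commit, "rule": name,
                                 "match": m.group(m.lastindex or 0)})
        for tok in BASE64_TOKEN.findall(content):
            if shannon_entropy(tok) > ENTROPY_THRESHOLD_B64:
                findings.append({"commit": commit, "rule": "high_entropy_base64", "match": tok})
        for tok in HEX_TOKEN.findall(content):
            if shannon_entropy(tok) > ENTROPY_THRESHOLD_HEX:
                findings.append({"commit": commit, "rule": "high_entropy_hex", "match": tok})
    return findings


def scan_repo(path, max_depth=1000):
    """Run `git log -p` over every branch of a local clone and scan the output.
    max_depth plays the role of truffleHog's commit-depth parameter."""
    out = subprocess.run(
        ["git", "-C", path, "log", "--all", "-p", f"--max-count={max_depth}"],
        capture_output=True, text=True, check=True,
    ).stdout
    return scan_diff_text(out)


# Constructed sample: a diff as `git log -p` would print it (not a real commit).
SAMPLE_DIFF = """commit 0000000000000000000000000000000000000001
Author: Example Dev <dev@example.invalid>

diff --git a/config.py b/config.py
+++ b/config.py
+DB_HOST = "db.internal"
+DB_PASSWORD = "hunter2hunter2"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+SECRET_TOKEN = "qJ7xK2mP9vR4tW8nL3cY6bF1hD5gS0aZ"
+# ordinary text that looks nothing like a secret
commit 0000000000000000000000000000000000000002
diff --git a/README.md b/README.md
+++ b/README.md
+This project uses the requests library.
"""

if __name__ == "__main__":
    for f in scan_diff_text(SAMPLE_DIFF):
        print(f"{f['commit'][:8]}  {f['rule']:<22} {f['match']}")
```

On the sample diff the scanner reports the password value, the AWS-style key and the 32-character random token, all attributed to the first commit, while the second commit produces nothing. Scanning only added lines keeps the output focused on where a secret entered the history; a secret removed in a later commit still shows up at the commit that introduced it, which is exactly the case a history scanner exists for.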


