Install TruffleHog on Ubuntu 24.04

TruffleHog is an open-source security scanner that digs through Git repositories and other sources to uncover secrets such as API keys, credentials, and tokens. It helps teams ensure that sensitive data isn't accidentally exposed in version control systems. This tutorial explains how to install TruffleHog on Ubuntu 24.04.

Prepare environment

Verify that Git is already installed on the system. If not, check out the post on installing it.

Install TruffleHog

First, fetch the latest release number directly from the TruffleHog GitHub repository and store it in a variable:

TRUFFLEHOG_VERSION=$(curl -s "https://api.github.com/repos/trufflesecurity/trufflehog/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+')

Next, download the corresponding archive:

wget -qO trufflehog.tar.gz https://github.com/trufflesecurity/trufflehog/releases/latest/download/trufflehog_${TRUFFLEHOG_VERSION}_linux_amd64.tar.gz

Extract the binary into /usr/local/bin:

sudo tar xf trufflehog.tar.gz -C /usr/local/bin trufflehog

Verify the installation by checking the TruffleHog version:

trufflehog --version

After confirming the setup, you can safely remove the downloaded archive:

rm -rf trufflehog.tar.gz

Testing TruffleHog

To see TruffleHog in action, try scanning a public repository with known test credentials:

trufflehog git https://github.com/trufflesecurity/test_keys --no-update --results=verified,unknown

This command analyzes the provided repository and prints any findings. Example output (truncated):

Uninstall TruffleHog

If you need to uninstall TruffleHog, just delete the binary from the system:

sudo rm -rf /usr/local/bin/trufflehog