TruffleHog is an open-source security scanner that digs through Git repositories and other sources to uncover secrets such as API keys, credentials, and tokens. It helps teams ensure that sensitive data isn't accidentally exposed in version control systems. This tutorial explains how to install TruffleHog on Ubuntu 24.04.
Prepare environment
Verify that Git is already installed on the system. If not, check out the post on installing it.
Install TruffleHog
First, fetch the latest release number directly from the TruffleHog GitHub repository and store it in a variable:
TRUFFLEHOG_VERSION=$(curl -s "https://api.github.com/repos/trufflesecurity/trufflehog/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+')
Next, download the corresponding archive:
wget -qO trufflehog.tar.gz https://github.com/trufflesecurity/trufflehog/releases/latest/download/trufflehog_${TRUFFLEHOG_VERSION}_linux_amd64.tar.gz
Extract the binary into /usr/local/bin
:
sudo tar xf trufflehog.tar.gz -C /usr/local/bin trufflehog
Verify the installation by checking the TruffleHog version:
trufflehog --version
After confirming the setup, you can safely remove the downloaded archive:
rm -rf trufflehog.tar.gz
Testing TruffleHog
To see TruffleHog in action, try scanning a public repository with known test credentials:
trufflehog git https://github.com/trufflesecurity/test_keys --no-update --results=verified,unknown
This command analyzes the provided repository and prints any findings. Example output (truncated):

Uninstall TruffleHog
If you need to uninstall TruffleHog, just delete the binary from the system:
sudo rm -rf /usr/local/bin/trufflehog
Leave a Comment
Cancel reply