Cheatsheet - AWS - Scenario - Uncovering credentials with TruffleHog
Overview
Utilise TruffleHog to find credentials. TruffleHog can look for secrets in many places, including Git, chats, wikis, logs, API testing platforms, object stores, filesystems and more.
Service/Tool: TruffleHog
Use Case:
Prerequisites: Access to data from the target organisation that can be scanned for secrets, such as source code, wikis, logs etc.
Attack Workflow
1. Step 1 (Discovery/Access) - Manual
Objective: Use TruffleHog to find credentials within source code.
Command/Method:
We can install TruffleHog with the following:
pip install trufflehog
We can then clone the repository of our target, and set TruffleHog to work on the cloned repo:
trufflehog --regex --entropy=False target-repo/
TruffleHog can also check a remote repo without first needing to clone it:
trufflehog https://github.com/repo/reponame --max_depth 2
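What the pattern check (`--regex`) and the entropy check (`--entropy`) each look for, as an added example that is not from the original page or the TruffleHog project, useful when reviewing your own repositories before pushing. The regexes, length floor and thresholds are assumptions modelled on the legacy Python TruffleHog, and the sample file is constructed.

```python
import math
import re

# Pattern commonly used for AWS access key IDs (what a regex-style check matches).
AWS_KEY_ID = re.compile(r"AKIA[0-9A-Z]{16}")
# Candidate runs for the entropy check. The length floor and the thresholds
# below are assumptions modelled on the legacy Python TruffleHog.
B64_RUN = re.compile(r"[A-Za-z0-9+/=]{21,}")
HEX_RUN = re.compile(r"[0-9a-fA-F]{21,}")
B64_THRESHOLD, HEX_THRESHOLD = 4.5, 3.0


def shannon_entropy(s):
    """Bits per character of s (0 for an empty string)."""
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))


def regex_hits(text):
    """(line_no, match) for every access-key-ID-shaped string."""
    return [(n, m) for n, line in enumerate(text.splitlines(), 1)
            for m in AWS_KEY_ID.findall(line)]


def entropy_hits(text):
    """(line_no, kind, match) for every high-entropy base64 or hex run."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, pattern, limit in (("base64", B64_RUN, B64_THRESHOLD),
                                     ("hex", HEX_RUN, HEX_THRESHOLD)):
            hits += [(n, kind, m) for m in pattern.findall(line)
                     if shannon_entropy(m) > limit]
    return hits


# Constructed sample file; the key pair is the placeholder from AWS documentation.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-west-1
artifact_sha1 = 3f2a9c0b7d1e4f5a6b8c9d0e1f2a3b4c5d6e7f80
"""

if __name__ == "__main__":
    print("regex:  ", regex_hits(SAMPLE))
    print("entropy:", entropy_hits(SAMPLE))
```

On this sample the pattern check reports only the access key ID, while the entropy check reports the secret access key and also the harmless checksum on line 5, which is the kind of noise that disabling entropy removes.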
Notes and References
Links:
GitHub - TruffleHog