A tool designed to find encrypted keys on GitHub is now available online. Called TruffleHog, the latest development obtains results from git repositories.
“Searches through git repositories for high-entropy strings, digging deep into commit history and branches,” reads the description of TruffleHog on GitHub.
To produce results, TruffleHog walks the commit history of each branch, checks the diff of each commit and evaluates the Shannon entropy of what it finds. It assesses both the base64 character set and the hexadecimal character set for every blob of text greater than 20 characters in each diff. If a high-entropy string is found to have less than 20 characters, the tool automatically prints the string to the screen.
Written in Python, TruffleHog uses the GitPython library to read the diffs of commits. The same module is reportedly being used to search GitHub for private keys related to Amazon Web Services.
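The entropy scan described above, as an added example that is not TruffleHog's own code: it computes Shannon entropy per character set (base64 and hex), extracts runs longer than 20 characters from the added lines of a unified diff, and reports the ones whose entropy exceeds a threshold. The thresholds (4.5 bits per character for base64, 3.0 for hex), the function names and the sample diff are all constructed for this example; the embedded "secret" values are random-looking strings made up here, not real credentials.

```python
import math
import string

# The two character sets the article says are scanned separately.
BASE64_CHARS = string.ascii_letters + string.digits + "+/="
HEX_CHARS = "1234567890abcdefABCDEF"

# Thresholds in bits per character and the minimum run length are assumptions
# chosen for this example; tune them against your own repositories.
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0
MIN_LENGTH = 20


def shannon_entropy(data: str, charset: str) -> float:
    """Shannon entropy of `data` in bits/char, counting only symbols from `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for symbol in charset:
        p = data.count(symbol) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def candidate_runs(text: str, charset: str, min_length: int = MIN_LENGTH):
    """Yield maximal runs of charset characters longer than `min_length`."""
    run = []
    for ch in text:
        if ch in charset:
            run.append(ch)
            continue
        if len(run) > min_length:
            yield "".join(run)
        run = []
    if len(run) > min_length:
        yield "".join(run)


def find_high_entropy_strings(diff_text: str):
    """Scan the added lines of a unified diff.

    Returns a list of (line_no, string, entropy, charset_name) for every run
    whose entropy exceeds the threshold of the character set it was found in.
    """
    scans = (
        ("base64", BASE64_CHARS, BASE64_THRESHOLD),
        ("hex", HEX_CHARS, HEX_THRESHOLD),
    )
    hits = []
    for line_no, line in enumerate(diff_text.splitlines(), 1):
        # Only content introduced by the commit; skip the "+++ b/file" header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for name, charset, threshold in scans:
            for run in candidate_runs(line, charset):
                ent = shannon_entropy(run, charset)
                if ent > threshold:
                    hits.append((line_no, run, round(ent, 2), name))
    return hits


# Constructed sample diff. The secret-looking values are made up for this example.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 DEBUG = False
+# constructed sample values, not real credentials
+AWS_SECRET = "Qx7Lm2Pz9Ka4Rv0Ng8Tb3Wc5Yd6He1Fj/Ui+Os"
+SESSION_ID = "a1b2c3d4e5f60718293a4b5c6d7e8f90"
+DESCRIPTION = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 TIMEOUT = 30
"""

if __name__ == "__main__":
    for line_no, secret, ent, name in find_high_entropy_strings(SAMPLE_DIFF):
        print(f"line {line_no}: {name} entropy={ent} {secret}")
```

The hex-looking session id is flagged by the hex scan (entropy 4.0 bits/char over the 16 hex symbols) but not by the base64 scan, where the same run scores below 4.5, which is why the two character sets are evaluated independently rather than with one threshold. The repeated-letter description string has zero entropy and is ignored even though it is long enough. To run this against real history, feed it the text of `git show <commit>` or the patch text of a GitPython diff created with `create_patch=True` (an assumption about that library's API, not something the article describes).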