Trufflehog
Item media 1 screenshot

Overview

Sniffing out credentials

The TruffleHog chrome extension looks for API keys and credentials on websites visited, and alerts you if there are any present. This is useful for doing pentests and code reviews, because it helps identify keys that would otherwise either be missed or have to be searched for manually

5 out of 56 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Paranjay SinghApr 20, 2024

api keys exposed

Review's profile picture

error fiatJan 15, 2024

perfect

Review's profile picture

Vimal Vinz (Vimal Vinz)Dec 6, 2023

easy to grep. ;)

1 person found this review to be helpful

Details

  • Version
    0.0.1
  • Updated
    September 21, 2021
  • Offered by
    dylan
  • Size
    34.61KiB
  • Languages
    English (United States)
  • Developer
    Email
    founders@trufflesec.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site

Related

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

CounterXSS

5.0(1)

An Extension to counter XSS attack!

retire.js

4.9(7)

Scanning website for vulnerable js libraries

Bishop Vulnerability Scanner

3.8(12)

Search websites for git repos, exposed config files, and more as you browse.

DotGit

5.0(8)

An extension for checking if .git is exposed in visited websites

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

Tracy

4.0(2)

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Vulners Web Scanner

4.5(19)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

XSS

5.0(7)

Web Development tool

OWASP Penetration Testing Kit

4.9(43)

OWASP Penetration Testing Kit

FindSomething

4.9(28)

在网页的源代码或js中找到一些有趣的东西

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

CounterXSS

5.0(1)

An Extension to counter XSS attack!

retire.js

4.9(7)

Scanning website for vulnerable js libraries

Bishop Vulnerability Scanner

3.8(12)

Search websites for git repos, exposed config files, and more as you browse.

DotGit

5.0(8)

An extension for checking if .git is exposed in visited websites

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

Tracy

4.0(2)

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Google apps