-
Hi folks,
I came across a bug where Trufflehog incorrectly report line number for base64-encoded GCP credentials. The core issue here seems to be that the line number were extracted from the `priva…
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the com…
-
### Describe what should be investigated or refactored
A deployment of UDS Core will use default TLS certificates as they are baked into the Core Zarf package. These are publicly available in GitHu…
-
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting
## Description
Random EOF errors like below appear to be a…
rgmz updated
9 months ago
-
There is a common pattern in detectors that can lead to undetected false negative results (e.g., result.Verified is set to false even though the issue is valid).
The pattern:
```go
for _, match…
-
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting
### TruffleHog Version
3.55.1
### Trace Output
### E…
-
- [x] Fuzzing wordlist https://github.com/reewardius/bbFuzzing.txt
- Added to onelistforallshort
- [ ] Arjun on deep mode?
- [ ] Recheck ffuf post processing cuz -ach apparently works wrong
- [ …
-
https://github.com/trufflesecurity/trufflehog
-
skipfish
smap
cmsmap
sstimap
graphqlmap
sqlmap
nosqlmap
sitadel
diablo
hacktronian
xssrtike
cariddi
corsy
commix
filebuster
injectus
dotdotpwn
LFISuite
SSRFmap
XXEinjector
truff…
-
Based on feedback from @TMDeal, @liquidsec, and @aconite33, there are sometimes a lot of postman results where it's hard to tell how they're related to the target.
@domwhewell-sage has already add…