1. Scans a local filesystem project directory for any secrets.

```
trufflehog.exe filesystem D:\www --json
```
Try it
Filesystem scan of the shared samples directory
Run 'trufflehog filesystem <dir>' against TryIt/_samples/ with --json (NDJSON output, one finding per line), --no-update (skip the self-update HTTP check), and --no-verification (don't contact external APIs to confirm whether the credential is live). The samples folder is intentionally credential-free, so a clean scan demonstrates the happy-path output: empty stdout means no secrets were detected.
Scan a sandbox with a planted fake credential
Create a UUID-named temp directory, write a small text file containing a synthetic AWS-format credential (an obviously fake all-uppercase sequence, never a real key), then run 'trufflehog filesystem' on that directory with --json --no-update --no-verification. The detector will flag the AWS pattern and emit an NDJSON finding; with verification disabled, the result is marked unverified. The sandbox is deleted afterwards so nothing leaks into the project tree.
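The sandbox procedure above as a script, added here as an example (not code from this page or from the TruffleHog project). The JSON field names `DetectorName`, `Verified` and `SourceMetadata.Data.Filesystem.file`, the `config.txt` file name and the injectable `runner` parameter are assumptions, and the credential is a constructed placeholder.

```python
import json
import shutil
import subprocess
import tempfile
import uuid
from pathlib import Path

# Constructed placeholders shaped like an AWS key pair; built at runtime, never real keys.
FAKE_KEY_ID = "AKIA" + "FAKE" * 4   # 20 characters
FAKE_SECRET = "FAKESECRET" * 4      # 40 characters


def parse_findings(ndjson):
    """Reduce --json output (one JSON object per line) to the fields used for triage."""
    findings = []
    for line in ndjson.splitlines():
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank lines and non-JSON noise
        if not isinstance(obj, dict) or "DetectorName" not in obj:
            continue  # defensive: skip JSON objects that are not findings
        meta = obj.get("SourceMetadata", {}).get("Data", {}).get("Filesystem", {})
        findings.append({"detector": obj["DetectorName"],
                         "verified": bool(obj.get("Verified", False)), "file": meta.get("file")})
    return findings


def run_trufflehog(directory):
    """Run the scan with the flags from the text and return stdout (NDJSON)."""
    cmd = ["trufflehog", "filesystem", str(directory),
           "--json", "--no-update", "--no-verification"]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def scan_sandbox(runner=run_trufflehog):
    """Plant the fake credential in a UUID-named temp dir, scan it, always clean up."""
    sandbox = Path(tempfile.gettempdir()) / f"th-sandbox-{uuid.uuid4()}"
    sandbox.mkdir()
    try:
        (sandbox / "config.txt").write_text(
            f"aws_access_key_id = {FAKE_KEY_ID}\naws_secret_access_key = {FAKE_SECRET}\n")
        return parse_findings(runner(sandbox)), sandbox
    finally:
        shutil.rmtree(sandbox, ignore_errors=True)  # runs even if the scan raises


if __name__ == "__main__" and shutil.which("trufflehog"):
    print(scan_sandbox()[0])
```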
# TruffleHog - Help
Source: https://github.com/trufflesecurity/trufflehog
```
usage: TruffleHog [<flags>] <command> [<args> ...]

TruffleHog is a tool for finding credentials.

Flags:
  -h, --[no-]help                Show context-sensitive help (also try
                                 --help-long and --help-man).
      --log-level=0              Logging verbosity on a scale of 0 (info) to 5
                                 (trace). Can be disabled with "-1".
      --[no-]profile             Enables profiling and sets a pprof and fgprof
                                 server on :18066.
  -j, --[no-]json                Output in JSON format.
      --[no-]json-legacy         Use the pre-v3.0 JSON format. Only works with
                                 git, gitlab, and github sources.
      --[no-]github-actions      Output in GitHub Actions format.
      --concurrency=8            Number of concurrent workers.
      --[no-]no-verification     Don't verify the results.
      --results=RESULTS          Specifies which type(s) of results to
                                 output: verified, unknown, unverified,
                                 filtered_unverified. Defaults to
                                 verified,unverified,unknown.
      --[no-]no-color            Disable colorized output
      --[no-]allow-verification-overlap
                                 Allow verification of similar credentials
                                 across detectors
      --[no-]filter-unverified   Only output first unverified result per
                                 chunk per detector if there are more than one
                                 results.
      --filter-entropy=FILTER-ENTROPY
                                 Filter unverified results with Shannon entropy.
                                 Start with 3.0.
      --config=CONFIG            Path to configuration file.
      --[no-]print-avg-detector-time
                                 Print the average time spent on each detector.
      --[no-]no-update           Don't check for updates.
      --[no-]fail                Exit with code 183 if results are found.
      --verifier=VERIFIER ...    Set custom verification endpoints.
      --[no-]custom-verifiers-only
                                 Only use custom verification endpoints.
      --detector-timeout=DETECTOR-TIMEOUT
                                 Maximum time to spend scanning chunks per
                                 detector (e.g., 30s).
      --archive-max-size=ARCHIVE-MAX-SIZE
                                 Maximum size of archive to scan. (Byte units
                                 eg. 512B, 2KB, 4MB)
      --archive-max-depth=ARCHIVE-MAX-DEPTH
                                 Maximum depth of archive to scan.
      --archive-timeout=ARCHIVE-TIMEOUT
                                 Maximum time to spend extracting an archive.
      --include-detectors="all"  Comma separated list of detector types to
                                 include. Protobuf name or IDs may be used,
                                 as well as ranges.
      --exclude-detectors=EXCLUDE-DETECTORS
                                 Comma separated list of detector types to
                                 exclude. Protobuf name or IDs may be used,
                                 as well as ranges. IDs defined here take
                                 precedence over the include list.
      --[no-]no-verification-cache
                                 Disable verification caching
      --[no-]force-skip-binaries
                                 Force skipping binaries.
      --[no-]force-skip-archives
                                 Force skipping archives.
      --[no-]skip-additional-refs
                                 Skip additional references.
      --user-agent-suffix=USER-AGENT-SUFFIX
                                 Suffix to add to User-Agent.
      --[no-]version             Show application version.

Commands:
  help [<command>...]
    Show help.

  git [<flags>] <uri>
    Find credentials in git repositories.

  github [<flags>]
    Find credentials in GitHub repositories.

  github-experimental --repo=REPO [<flags>]
    Run an experimental GitHub scan. Must specify at least one experimental
    sub-module to run: object-discovery.

  gitlab --token=TOKEN [<flags>]
    Find credentials in GitLab repositories.

  filesystem [<flags>] [<path>...]
    Find credentials in a filesystem.

  s3 [<flags>]
    Find credentials in S3 buckets.

  gcs [<flags>]
    Find credentials in GCS buckets.

  syslog [<flags>]
    Scan syslog

  circleci --token=TOKEN
    Scan CircleCI

  docker --image=IMAGE [<flags>]
    Scan Docker Image

  travisci --token=TOKEN
    Scan TravisCI

  postman [<flags>]
    Scan Postman

  elasticsearch [<flags>]
    Scan Elasticsearch

  jenkins --url=URL [<flags>]
    Scan Jenkins

  huggingface [<flags>]
    Find credentials in HuggingFace datasets, models and spaces.

  stdin
    Find credentials from stdin.

  multi-scan
    Find credentials in multiple sources defined in configuration.

  analyze
    Analyze API keys for fine-grained permissions information.
```