TruffleHog

MITRE

Malware Type:
Tool

First seen:
Unknown

Last seen:
Unknown

Details:

[TruffleHog](https://attack.mitre.org/software/S9009) is an open-source secrets-discovery tool that is used to search for credentials, API keys, and encryption keys across a variety of data sources and environments.(Citation: Black Hills Information Security TruffleHog January 2024)(Citation: Github TruffleSecurity Trufflehog April 2025) [TruffleHog](https://attack.mitre.org/software/S9009) has the ability to discover credentials and secrets stored in code repositories, git history, CI/CD pipelines, among other common storage locations to include filesystems and cloud storage buckets.(Citation: Black Hills Information Security TruffleHog January 2024)(Citation: Netskope Shai-Hulud November 2025)(Citation: Github TruffleSecurity Trufflehog April 2025) [TruffleHog](https://attack.mitre.org/software/S9009) was first released by its author in 2016.(Citation: Github TruffleSecurity Trufflehog April 2025)

Associated Techniques (16)

ID	ATT&CK	Tactics
T1005	Data from Local System	-
T1059.009	Cloud API	-
T1078.004	Cloud Accounts	-
T1083	File and Directory Discovery	-
T1213.001	Confluence	-
T1213.002	Sharepoint	-
T1213.003	Code Repositories	-
T1213.005	Messaging Applications	-
T1526	Cloud Service Discovery	-
T1528	Steal Application Access Token	-
T1530	Data from Cloud Storage	-
T1552.001	Credentials In Files	-
T1552.005	Cloud Instance Metadata API	-
T1555.006	Cloud Secrets Management Stores	-
T1580	Cloud Infrastructure Discovery	-

Aliases (25)

Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog Trufflehog

Metadata

ID:	164838
Created:	28/04/2026 16:00
Updated:	10/05/2026 16:00