Trufflehog supports scanning of deleted files?

[ERANV-EVA]

Hi TruffleHog team,

I wanted to ask whether TruffleHog supports scanning for secrets in deleted GitHub objects—such as files or commits that have been removed but are still accessible through Git internals—as described in this research: https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b.

Does the tool currently handle these cases, or are there any plans to support this capability?

[dylanTruffle]

Hey @ERANV-EVA we do have a very robust and complete way to scan all this deleted data that utlizes GitHub's graphQL api:

trufflehog github-experimental --repo https://github.com/<USER>/<REPO>.git --object-discovery --token <yourgithubtoken>

There are some down sides to this approach, specifically, rate limits, as well as the fact in addition to deleted data, it also pulls in unmerged and private data through the fork network the repo is attached to.

Here's our blog on it:

https://trufflesecurity.com/blog/trufflehog-now-finds-all-deleted-and-private-commits-on-github

We are currently researching Sharon's method, what I will say is the graphQL method is 100% complete, and surfaces more than Sharon's method, it's just a lot slower. We're looking to soon have support for both in the near term future.

[ERANV-EVA]

Hi @dylanTruffle,
Looking forward to the support of Sharon's method, the experimental is super slow and not so easy to use.

Thanks for the hard work for the community, LMK in any case of help needed.

[nabeelalam]

Hey @ERANV-EVA , I'm closing this issue since it looks like you got your answer.

[ERANV-EVA]

Hi @nabeelalam @dylanTruffle
Let me know the research results if possible =]

[dylanTruffle]

I'm opening t his because I don't think it's been resolved yet, but it's related to #2494