git-dumper vs TruffleHog
GitHub Stats
About git-dumper
git-dumper downloads and reconstructs Git repositories from web servers where the .git directory is accidentally exposed. Many deployments leave .git accessible, exposing full source code, commit history, configuration files, and potentially credentials. git-dumper handles the complex process of downloading individual Git objects, reconstructing the pack files, and rebuilding a complete working repository. It supports recursive object resolution, handles missing objects gracefully, and works through redirects and basic authentication. A critical tool for web application pentesting where source code access dramatically accelerates vulnerability discovery.
About TruffleHog
TruffleHog scans for leaked credentials and secrets in Git repositories, S3 buckets, filesystems, and more. It uses both regex patterns and entropy analysis to detect API keys, passwords, tokens, and other sensitive data that may have been accidentally committed. TruffleHog supports over 800 credential detectors and can verify discovered credentials against the actual services to confirm they are still active.
Platform Support
Tags
git-dumper only
TruffleHog only