Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Credentials Masked while giving output in json Format #682

Closed
SecTheBit opened this issue Aug 1, 2022 · 2 comments
Closed

Credentials Masked while giving output in json Format #682

SecTheBit opened this issue Aug 1, 2022 · 2 comments
Labels
bug

Comments

@SecTheBit
Copy link

Hi Team,
It has been observed that trufflehog is Masking the credentials while giving output in json format.
For example, this mongodb credentials has been detected , and also showing the leaked credentials (refer screenshot below)
Screenshot from 2022-08-01 17-36-23.
But when I used the --json flag ,then in the output the credentials have been masked. (refer below screenshot)

Screenshot from 2022-08-01 17-43-18

Yes, the credentials has been shown in raw , in base64 format , but what is the purpose of encoding that in base64, can't we just show in the raw format.
@SecTheBit SecTheBit added the bug label Aug 1, 2022
@SecTheBit
Copy link
Author

Also, I run the trufflehog with following command on my github repo (https://github.com/secthebit/Test_Keys) and in the output some of the api keys shown has been base64 encoded and some of them are not (refer screenshot below)

./trufflehog git --only-verified https://github.com/secthebit/Test_Keys.git --json

Screenshot from 2022-08-02 13-20-54

@dustin-decker
Copy link
Contributor

This is a bug with the json output format that will be fixed by #825

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mcastorina @dustin-decker @SecTheBit