Which tool is used to search a Git repository for secrets that could be committed accidentally?


Multiple Choice

Which tool is used to search a Git repository for secrets that could be committed accidentally?

Explanation:
When you want to prevent secrets from being accidentally committed in a Git repository, you need a tool that hunts through the repository’s history for suspicious strings that look like credentials. That’s what truffleHog does expertly. It scans the entire Git history—every commit and branch—for high-entropy values and known secret patterns, surfacing potential API keys, tokens, and other credentials. It can show you exactly where the secret appeared (file path and commit), so you can remove it and rotate the secret. This capability to detect secrets even after they’ve been removed from the latest snapshot is why it’s the right fit for this task.

Other tools aren’t designed for this purpose. Nmap is a network scanner, not focused on code or secret detection. John the Ripper is a password-cracking tool used for testing password strength offline. Metasploit is a framework for developing and executing exploits. They don’t specialize in identifying accidentally committed secrets in Git history.

