Merge pull request #1195 from za/issue-1193-trufflehog-update

Issue 1193: update trufflehog command on the challenge 1 hint doc
OWASP · Jan 23, 2024 · 43005ed · 43005ed
2 parents 5df41ff + 69f1216
commit 43005ed
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/main/resources/explanations/challenge1_hint.adoc b/src/main/resources/explanations/challenge1_hint.adoc
@@ -21,4 +21,11 @@ You can solve this challenge by the following steps:
 4. You can scan the repository with https://github.com/trufflesecurity/trufflehog[*Trufflehog*].
 - Clone the repo with `git clone https://github.com/OWASP/wrongsecrets`.
 - Follow the instructions https://github.com/trufflesecurity/trufflehog[here] to install Trufflehog.
+- Follow these instructions to download the https://github.com/trufflesecurity/trufflehog/blob/4afc224c635d10e732119f715f93788af1502ce4/examples/README.md[generic detector] file
+- Download trufflehog generic detector `wget https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/examples/generic.yml`.
+- Scan the files using `trufflehog filesystem --config=$PWD/generic.yml . | grep password` and the password will be in the output.
+
+5. Alternative, you can use the older Trufflehog 2:
+- Have python and pip3 installed, and run `pip3 install trufflehog` to install Trufflehog 2.
 - Scan the files using `trufflehog . | grep password` and the password will be in the output.
+- Please note that Trufflehog 2 was released [> 5 years ago](https://github.com/trufflesecurity/trufflehog/tags?after=v3.0.0) and no longer [maintained](https://github.com/trufflesecurity/trufflehog/issues/2328).