keyhog — a high‑performance credential leak scanner for code and infrastructure

⚙️ Tools2026-06-01, 09:06
A Rust‑based tool for detecting credential leaks in source code, git history, Docker images, S3 buckets, and running systems. Works fully offline.
Features: 📍 894 detectors for specific services and formats (.env, JSON, YAML, Dockerfile, sh, INI, GitHub Actions, k8s). 📍 Hyperscan SIMD and optional GPU support for faster scanning. 📍 Encoding recognition (base64/hex/url/protobuf) and ML‑based validity scoring. 📍 SARIF report format, baseline mode to filter out old leaks.
Compared with TruffleHog, Gitleaks and ggshield, keyhog wins on speed (down to seconds when scanning thousands of files) and ease of deployment without Python/JVM, though it has fewer ready‑made policies and corporate dashboards.
📎 Tool: https://github.com/santhsecurity/keyhog
💬 Discuss
Vendors
Santhsecurity
Github
Docker
Rust
Products
Docker
Ggshield
Github Actions
Gitleaks
Hyperscan
Jvm
More
Published
2026-06-01, 09:06