
Analyzing GitHub Enterprise Cloud Managed User secrets always fails when getting gists

Status: Open. Nothing4You opened this issue 2 months ago · 2 comments

TruffleHog Version

trufflehog 3.90.2

Trace Output

N/A: analyze does not work with log level

trufflehog --log-level=5 analyze
2025-07-28T17:34:47+02:00	info-2	trufflehog	trufflehog 3.90.2
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2025-07-28T17:34:47+02:00	info-4	trufflehog	default engine options set
2025-07-28T17:34:47+02:00	info-4	trufflehog	engine initialized
2025-07-28T17:34:47+02:00	info-4	trufflehog	setting up aho-corasick core
2025-07-28T17:34:47+02:00	info-4	trufflehog	set up aho-corasick core
2025-07-28T17:34:47+02:00	info-2	trufflehog	starting scanner workers	{"count": 14}
2025-07-28T17:34:47+02:00	info-2	trufflehog	starting detector workers	{"count": 112}
2025-07-28T17:34:47+02:00	info-2	trufflehog	starting verificationOverlap workers	{"count": 14}
2025-07-28T17:34:47+02:00	info-2	trufflehog	starting notifier workers	{"count": 14}
2025-07-28T17:34:47+02:00	error	trufflehog	error running scan	{"error": "invalid command: analyze"}

Expected Behavior

Analyzing GitHub secrets should work.

Actual Behavior

Always stuck on

Error getting gists.
[x] GET https://api.github.com/gists?page=1&per_page=100: 403 Rate Limit Exceeded []

Steps to Reproduce

  1. Run trufflehog analyze
  2. Select GitHub
  3. Enter ghp_* or github_pat_* secret
  4. Run TruffleHog Analyze
  5. See error

Environment

  • OS: macOS
  • Version: 15.5

Additional Context

This is 100% reproducible with enterprise managed users. With a non-managed user it ~~seems to just get stuck, but due to the lack of logs I can't tell what's going on there~~ works; it just takes a long time for my account due to the public repos being iterated.

Since GitHub Enterprise Managed Users don't support gists and are only able to see public gists, this is likely just a misleading error message, as the rate limit headers on the response seem to indicate being well within limits:

< HTTP/2 403
< content-type: application/json; charset=utf-8
< content-length: 113
< x-github-media-type: github.v3; format=json
< x-github-api-version-selected: 2022-11-28
< x-ratelimit-limit: 5000
< x-ratelimit-remaining: 4996
< x-ratelimit-reset: 1753720865
< x-ratelimit-used: 4
< x-ratelimit-resource: core
[…]
<
{
  "message": "Rate Limit Exceeded",
  "documentation_url": "https://docs.github.com/rest",
  "status": "403"
}
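The distinction the headers make, as an added example that is not TruffleHog's own code: a Go check that classifies a GitHub 403 by its rate-limit headers instead of trusting the body message, fed with the curl-style dump quoted above (the sample dump, function names and verdict strings are constructed for this illustration).

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// ParseCurlDump turns curl's "< HTTP/2 403" and "< name: value" lines into a
// status code and an http.Header; it stops at the blank "<" line before the body.
func ParseCurlDump(dump string) (int, http.Header) {
	status, h := 0, http.Header{}
	for _, raw := range strings.Split(dump, "\n") {
		line := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(raw), "<"))
		if line == "" {
			break // end of headers, body follows
		}
		if strings.HasPrefix(line, "HTTP/") {
			if f := strings.Fields(line); len(f) >= 2 {
				status, _ = strconv.Atoi(f[1])
			}
		} else if k, v, ok := strings.Cut(line, ":"); ok {
			h.Add(strings.TrimSpace(k), strings.TrimSpace(v)) // Add canonicalizes the key
		}
	}
	return status, h
}

// Classify reads the rate-limit headers rather than the body text: a 403 with quota left
// is reported as "forbidden" (permissions or an unavailable feature), not as a rate limit.
func Classify(status int, h http.Header) string {
	if status != http.StatusForbidden && status != http.StatusTooManyRequests {
		return "not-rate-limit-candidate"
	}
	if h.Get("Retry-After") != "" {
		return "secondary-rate-limit" // server explicitly requested backoff
	}
	if n, err := strconv.Atoi(h.Get("X-Ratelimit-Remaining")); err == nil && n == 0 {
		return "primary-rate-limit" // quota really exhausted; wait for x-ratelimit-reset
	}
	return "forbidden"
}

// Constructed sample reusing the headers quoted in the issue above.
const issueDump = "< HTTP/2 403\n< x-ratelimit-limit: 5000\n< x-ratelimit-remaining: 4996\n< x-ratelimit-reset: 1753720865\n<\n{\"message\": \"Rate Limit Exceeded\"}"

func main() {
	status, h := ParseCurlDump(issueDump)
	fmt.Println(status, Classify(status, h)) // 403 forbidden
}
```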

References

Maybe related to #4259, though the description seems to be just about the message and not about an error being newly raised.

Nothing4You · Jul 28 '25 15:07