
Zach Rice



Work Experience

Open Source

Gitleaks (Go)
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. Over 12M downloads on DockerHub, 15k stars on GitHub, 5M downloads on GitHub, and 630k brew installs. Gitleaks is used by many companies, government agencies, universities, and startups.

Gitleaks-Action (JavaScript)
Gitleaks-Action is a free GitHub Action that runs Gitleaks on your GitHub repos. Used by thousands of organizations and developers.

h1domains (Python)
Small script to pull all the domains from HackerOne's bug bounty program directory. Scheduled to run hourly on GitHub Actions. This list helps bug bounty hunters find new programs to hack on.

TruffleHog (Go)
Like Gitleaks, TruffleHog is a SAST tool for detecting secrets like passwords, API keys, and tokens in git repos, filesystems, Slack messages, Jira tickets, GitHub comments, etc. TruffleHog is able to verify the liveness of secrets by attempting to use the secret to authenticate with the secret provider. This essentially eliminates false positives.

Go-TDAmeritrade (Go)
Go client for the TD Ameritrade API. Helpful for building trading bots.

See also: GitHub


Blog: Hacktoberfest Winners [Truffle Security Co. Blog]

Blog: Contributor Spotlight [Truffle Security Co. Blog]

Blog: Hacktoberfest and Video [Truffle Security Co. Blog]

Blog: Making TruffleHog Faster with Aho-Corasick [Truffle Security Co. Blog]

Video: How to create a Detector [YouTube]

Video/Talk: All Things Open Talk [YouTube]

Video: Zach Rice Joins Truffle Security [YouTube]

Blog: Finding Secrets with Regular Expressions [Gitleaks Blog]

Blog: Getting Started with Gitleaks-Action [Gitleaks Blog]


UIUC BA Computer Engineering 2015