Zach Rice

Find me:


Work Experience

See also: LinkedIn

Open Source

Gitleaks (Go)
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. Over 12M downloads on DockerHub, 14k stars on GitHub, 5M downloads on Github, and 630k brew installs. Gitleaks is used by the many companies, government agencies, universities, and startups.

h1domains (Python)
Small script to pull all the domains from HackerOne's bug bounty program directory. Scheduled to run hourly on a Github-Actions. This list helps bug bounty hunters find new programs to hack on.

TruffleHog (Go)
Like Gitleaks, TruffleHog is a SAST tool for detecting secrets like passwords, api keys, and tokens in git repos, filesystems, Slack messages, Jira tickets, GitHub comments, etc. TruffleHog is able to verify the liveliness of secrets by attempting to use the secret to authenticate with the secret provider. This essentially eliminates false positives.

Go-TDAmeritrade (Go)
Go client for the tdameritrade api. Helpful for building trading bots.

See also: GitHub


Blog: Hacktoberfest Winners [Truffle Security Co. Blog]

Blog: Contributor Spotlight [Truffle Security Co. Blog]

Blog: Hacktoberfest and Video [Truffle Security Co. Blog]

Blog: Making TruffleHog Faster with Aho-Corasick [Truffle Security Co. Blog]

Video: How to create a Detector [YouTube]

Video/Talk: All Things Open Talk [YouTube]

Video: Zach Rice Joins Truffle Security [YouTube]

Blog: Finding Secrets with Regular Expressions [Gitleaks Blog]

Blog: Getting Started with Gitleaks-Action [Gitleaks Blog]


UIUC BA Computer Engineering 2015