Token Exploiter is a tool designed to analyze GitHub Personal Access Tokens. It provides a comprehensive overview of the permissions and data accessible with a given token, making it useful for security audits and penetration testing.
- Analyze GitHub Personal Access Tokens
- Display user information, repositories, organizations, gists, SSH keys, emails, followers, following, and webhooks
- Export all gathered information to a well-formatted PDF
- Web-based interface with real-time progress updates
- Copy functionality for repository clone commands
- Clone the repository:
git clone https://github.com/psyray/token-exploiter.git
cd token-exploiter
- Install the package:
pipx install .
- Run the Token Exploiter:
token-exploiter
- Open the provided URL in your web browser.
- Enter a GitHub Personal Access Token and click "Analyze".
- View the results and use the "Export PDF" button to download a comprehensive report.
- Debug mode:
token-exploiter -d
- Custom host and port:
token-exploiter -l IP:PORT
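When auditing a leaked classic token, the granted scopes show which of the data categories listed above are exposed and whether the token can also make changes. The following is an added example, not Token Exploiter's own code; it relies on the `X-OAuth-Scopes` response header GitHub returns for classic tokens, and the `CATEGORY` mapping, function names and sample headers are illustrative assumptions.

```python
# Added example, not Token Exploiter's code. Input: response headers from an
# authenticated GET https://api.github.com/user made with a classic PAT.
# Parent scope -> scopes it includes (GitHub's classic-scope hierarchy).
IMPLIES = {
    "repo": {"public_repo", "repo:status", "repo_deployment", "repo:invite",
             "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
    "admin:org": {"write:org"}, "write:org": {"read:org"},
    "admin:public_key": {"write:public_key"},
    "write:public_key": {"read:public_key"},
    "admin:repo_hook": {"write:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
}
# Simplified mapping (assumption of this example): data category from the
# feature list -> scopes that expose its non-public part.
CATEGORY = {
    "private repositories": {"repo"}, "gists": {"gist"},
    "organization membership": {"read:org"}, "SSH keys": {"read:public_key"},
    "private emails": {"user:email"}, "webhooks": {"read:repo_hook", "repo"},
}
# Scopes that allow changes, not just reads.
WRITE = {"repo", "gist", "workflow", "delete_repo", "write:org", "admin:org",
         "write:public_key", "admin:public_key", "write:repo_hook",
         "admin:repo_hook"}

def expand(scopes):
    # Follow IMPLIES transitively: granted scopes plus everything they include.
    seen, todo = set(), list(scopes)
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(IMPLIES.get(s, ()))
    return seen

def triage(headers):
    """Summarise exposure from response headers (header names case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    raw = h.get("x-oauth-scopes")
    if raw is None:  # no scope list returned; scopes cannot be read this way
        return {"scopes_known": False}
    granted = {s.strip() for s in raw.split(",") if s.strip()}
    eff = expand(granted)
    return {"scopes_known": True, "granted": sorted(granted),
            "reachable": sorted(c for c, need in CATEGORY.items() if need & eff),
            "write_capable": sorted(eff & WRITE)}

# Constructed sample headers (not real output).
SAMPLE = {"X-OAuth-Scopes": "gist, read:org, repo"}
if __name__ == "__main__": print(triage(SAMPLE))
```

A token whose `write_capable` list is non-empty should be revoked first and its recent activity reviewed, since it could have modified data as well as read it.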
This tool is intended for authorized security testing and auditing purposes only. Always ensure you have permission to analyze tokens and respect GitHub's terms of service and API usage limits.
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the GNU GPL 3 License - see the LICENSE file for details.