
GitHub Access Token

Description#

General#

  • Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens

  • Summary: GitHub is a code hosting platform for version control and collaboration. GitHub offers a very detailed API for programmatically controlling accounts, and most API endpoints must be called with a dedicated token. These detectors aim to catch any type of token that grants some access to a GitHub account. Supported GitHub tokens are:

    • Personal Access Tokens: issued by a GitHub user with a chosen scope of permissions.
    • GitHub OAuth Access Tokens: issued in an OAuth flow to authorize an application to act on behalf of a user.
    • GitHub User-to-server Tokens: issued for a GitHub App, granting access to some API resources on behalf of a user. They last 8 hours and have to be refreshed afterwards.
    • GitHub Server-to-server Tokens: issued for a given GitHub App installation, granting access to some API resources on behalf of that installation. They last one hour by default.
  • IPs allowlist: No

  • Scopes: The scopes and permissions of a personal access token are chosen when the token is created (see the GitHub documentation). If the leaked token belongs to a GitHub App or a GitHub OAuth App, it carries the permissions that the application requested during the authorization flow (the available permissions are listed in the GitHub documentation).

Revoke the secret#

Tokens can be revoked from the access tokens panel. Both personal access tokens and other types of tokens can be managed from this page.

Check for suspicious activity#

There is no way to retrieve the exact last API calls made with a token. However, GitHub provides fairly thorough security logs that can be reviewed.

Details for Github token#

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.43

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^(cs|x|p|s|r)?html5?~?$
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^mdx?~?$
        - ^storyboard(c|er)?~?$
        - ^xib$
        - cs
        - ebuild
        - rst
        - txt
      banlist_filenames:
        - Cartfile\.resolved
        - Portfile$
        - \.gitrepo$
        - ^m$
        - _config\.yml$
        - arm64
        - build-log
        - dependencies
        - deps
        - kernel
        - monitor\.log
        - ngsw\.json
        - packages
        - release(_|-)notes
        - search_plus_index\.json
        - vendor
        - vendor\.conf
        - x86
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
        - gh[-_.]?api[-_]?key
        - gh[-_.]?token
        - github
    - type: ContentWhitelistPreValidator
      patterns:
        - '[0-9a-f]{40}'

Examples#

- text: "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19"
  apikey: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19
- text: >
    GitHub(81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b)
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b
- text: >
    GitHubToken = 81c4ef6cabcf4473bb98b28de4fb9ac606b97f61
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f61
- text: >
    GitHubToken = "81c4ef6cabcf4473bb98b28de4fb9ac606b97f62"
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f62

Details for Github personal access token v2#

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.25

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^(cs|x|p|s|r)?html5?~?$
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
        - cs
        - ebuild
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
        - ghp_

Examples#

- text: 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
  apikey: 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

Details for Github user to server token v2#

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^(cs|x|p|s|r)?html5?~?$
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
        - cs
        - ebuild
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
        - ghu_

Examples#

- text: ghu_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
  apikey: ghu_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0

Details for Github oauth access token v2#

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^(cs|x|p|s|r)?html5?~?$
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
        - cs
        - ebuild
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
        - gho_

Examples#

- text: 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
  apikey: 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

Details for Github server to server token v2#

  • Category: Version control platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.02

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^(cs|x|p|s|r)?html5?~?$
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
        - cs
        - ebuild
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
        - ghs_

Examples#

- text: ghs_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
  apikey: ghs_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
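As an added worked example, not code from this page or from GitGuardian, the Python below shows how the two pre-validator types listed in the detector sections above gate a token match before any validity check runs. It serves both the classic "Github token" detector (keyword whitelist plus a 40-hex-digit whitelist on top of a filename banlist) and the four prefixed v2 detectors (ghp_, ghu_, gho_, ghs_), which share the same extension banlist, have an empty filename banlist, and whitelist only on their prefix. The banlists and whitelist patterns are copied from the sections above; the token regular expressions themselves (a bare 40-hex-digit word for the classic detector, prefix plus 36 alphanumerics for the v2 ones), case-insensitive whitelist matching, and running filename patterns against both the basename and the full path are assumptions made for the example. The sample files are constructed and reuse the example secrets from this page.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class FilenameBanlistPreValidator:
    """Skips a file entirely when its extension or path hits a banlist pattern."""
    banlist_extensions: List[str]
    banlist_filenames: List[str]
    check_binaries: bool = False

    def allows(self, path: str, content: str) -> bool:
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if any(re.search(p, ext) for p in self.banlist_extensions):
            return False
        # Assumption: filename patterns are searched against both the basename
        # and the full path, so `vendor` also excludes files under vendor/.
        return not any(re.search(p, path) or re.search(p, name)
                       for p in self.banlist_filenames)


@dataclass
class ContentWhitelistPreValidator:
    """Runs the detector only if at least one pattern occurs in the content."""
    patterns: List[str]

    def allows(self, path: str, content: str) -> bool:
        # Assumption: case-insensitive, so `GitHub(...)` satisfies `github`.
        return any(re.search(p, content, re.IGNORECASE) for p in self.patterns)


@dataclass
class Detector:
    name: str
    prevalidators: list
    token_re: "re.Pattern"

    def scan(self, path: str, content: str) -> List[str]:
        # Every pre-validator must pass; only then is the token pattern applied.
        if not all(pv.allows(path, content) for pv in self.prevalidators):
            return []
        return self.token_re.findall(content)


# Extensions shared by every detector on the page; the classic one adds three more.
COMMON_EXTENSIONS = [r"^(cs|x|p|s|r)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
                     r"^storyboard(c|er)?~?$", r"^xib$", r"cs", r"ebuild"]

CLASSIC = Detector(
    name="Github token",
    prevalidators=[
        FilenameBanlistPreValidator(
            banlist_extensions=COMMON_EXTENSIONS + [r"^mdx?~?$", r"rst", r"txt"],
            banlist_filenames=[r"Cartfile\.resolved", r"Portfile$", r"\.gitrepo$", r"^m$",
                               r"_config\.yml$", r"arm64", r"build-log", r"dependencies",
                               r"deps", r"kernel", r"monitor\.log", r"ngsw\.json",
                               r"packages", r"release(_|-)notes", r"search_plus_index\.json",
                               r"vendor", r"vendor\.conf", r"x86"]),
        ContentWhitelistPreValidator([r"gh[-_.]?api[-_]?key", r"gh[-_.]?token", r"github"]),
        ContentWhitelistPreValidator([r"[0-9a-f]{40}"]),
    ],
    # Assumption: a bare 40-hex-digit word; the page only shows the whitelist form.
    token_re=re.compile(r"\b[0-9a-f]{40}\b"),
)


def prefixed_detector(name: str, prefix: str) -> Detector:
    """Builds one of the v2 detectors: empty filename banlist, prefix-only whitelist."""
    return Detector(
        name=name,
        prevalidators=[
            FilenameBanlistPreValidator(COMMON_EXTENSIONS, []),
            ContentWhitelistPreValidator([re.escape(prefix)]),
        ],
        # Assumption: 36 alphanumerics after the prefix, as in the page's examples.
        token_re=re.compile(r"\b" + re.escape(prefix) + r"[A-Za-z0-9]{36}\b"),
    )


DETECTORS = [
    CLASSIC,
    prefixed_detector("Github personal access token v2", "ghp_"),
    prefixed_detector("Github user to server token v2", "ghu_"),
    prefixed_detector("Github oauth access token v2", "gho_"),
    prefixed_detector("Github server to server token v2", "ghs_"),
]


def scan_file(path: str, content: str) -> List[Tuple[str, str]]:
    """Returns (detector name, token) for every detector whose pre-validators pass."""
    return [(det.name, tok) for det in DETECTORS for tok in det.scan(path, content)]


# Constructed sample files reusing the page's example secrets.
SAMPLE_FILES = {
    "config/ci.yml": "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19\n",
    "README.md": "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19\n",  # .md is banned
    "deploy.py": "commit = '368ac3edf9e850d1c0ff9d6c526496f8237ddf19'\n",  # git SHA, no keyword
    ".env": "GITHUB_TOKEN=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\n",
    "vendor/app/config.ini": "token = ghs_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0\n",
}

if __name__ == "__main__":
    for path, content in SAMPLE_FILES.items():
        print(f"{path}: {scan_file(path, content) or 'no alert'}")
```

Two of the constructed files show why the pre-validators matter: `deploy.py` contains a 40-hex-digit git commit SHA that the classic detector ignores because no GitHub keyword is present, and `vendor/app/config.ini` is skipped by the classic detector's `vendor` filename pattern but still yields a hit for the ghs_ detector, whose filename banlist is empty. In the real product a hit would then go through the validity check before an alert is raised, which this offline example does not model.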