GitHub Access Token
Description
General
Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
Summary: GitHub is a code hosting platform for version control and collaboration. GitHub offers a very detailed API to programmatically control accounts. Most calls to API endpoints must be authenticated using dedicated tokens. These detectors focus on catching any type of token giving some access to a GitHub account. Supported GitHub tokens are:
- Personal Access Tokens: issued by a GitHub user with a given scope of permissions. GitGuardian supports both the old format (40 hexadecimal characters) and the new format (ghp_ prefix) for these tokens.
- GitHub OAuth Access Tokens: issued in an OAuth flow to authorize an application to act on behalf of a user (gho_ prefix).
- GitHub User-to-server Tokens: issued for a GitHub App and grant access to some API resources on behalf of a user (ghu_ prefix). They expire after 8 hours and have to be refreshed after that.
- GitHub Server-to-server Tokens: issued for a given GitHub App installation and grant access to some API resources on behalf of that installation (ghs_ prefix). They expire after one hour by default.
- Fine-grained Personal Access Tokens: regular personal access tokens, but with a pattern of their own (github_pat_ prefix) and a large variety of possible permissions.
IPs allowlist: No
Scopes: The variety of permissions associated with a GitHub access token depends on the type of token concerned:
- Several scopes and permissions can be chosen for a classic GitHub personal access token.
- If the leaked token is associated with a GitHub App or a GitHub OAuth App, the token has the permissions that the application requested during the authorization flow: see the available list here.
- A fine-grained personal access token can have a wide variety of permissions, [described in the following list](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens).
Revoke the secret
Tokens can be revoked from the access tokens panel, which is where classic and fine-grained personal access tokens are managed. OAuth access tokens and user-to-server tokens are tied to an authorized OAuth App or GitHub App, so they are revoked by removing that authorization from the account's Applications settings (or by the app owner through the GitHub API). A server-to-server installation token can be revoked by the app itself with DELETE /installation/token; it expires within an hour in any case.
Check for suspicious activity
There is no way to retrieve the exact last API calls made with a token. However, GitHub's security log records account-level events (authentications, token creation and deletion, repository and organization changes) in some detail, and organization and enterprise audit logs cover actions taken against those resources, so activity during the exposure window can still be reviewed.
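The families, lifetimes and revocation paths above fold naturally into a triage routine for a leaked token. The following is an added example, not GitGuardian's or GitHub's code: the prefixes are those of the detectors on this page; the /user and /installation/repositories probes, the X-OAuth-Scopes response header and DELETE /installation/token are GitHub's documented API; the function names, the dict layout and the mention of a bulk POST /credentials/revoke endpoint are this example's own choices (the last should be confirmed against current GitHub docs before relying on it).

```python
"""Triage a candidate GitHub token: which family it belongs to, which API
call proves it is still live, and how to revoke it.

Added example, not GitGuardian's or GitHub's own code.  Prefixes and
lifetimes are the ones listed on this page; the probe endpoints, the
X-OAuth-Scopes header and DELETE /installation/token are documented by
GitHub.  Function and field names are this example's own choices.
"""
import json
import re
import urllib.error
import urllib.request

API = "https://api.github.com"

# One regex per family on this page.  Classic PATs have two shapes: the
# legacy 40-hex form and the ghp_ form.  The patterns are mutually exclusive.
FAMILIES = {
    "fine_grained_pat":       re.compile(r"^github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}$"),
    "personal_access_token":  re.compile(r"^(ghp_[A-Za-z0-9]{36}|[0-9a-f]{40})$"),
    "oauth_access_token":     re.compile(r"^gho_[A-Za-z0-9]{36}$"),
    "user_to_server_token":   re.compile(r"^ghu_[A-Za-z0-9]{36}$"),
    "server_to_server_token": re.compile(r"^ghs_[A-Za-z0-9]{36}$"),
}

# Families that expire on their own (hours); the others live until revoked.
LIFETIME_HOURS = {"user_to_server_token": 8, "server_to_server_token": 1}


def classify(token):
    """Family name of a candidate token, or None if its shape matches none
    of the detectors on this page."""
    token = token.strip()
    for family, pattern in FAMILIES.items():
        if pattern.match(token):
            return family
    return None


def check_request(token):
    """(method, url, headers) of the cheapest call that succeeds only for a
    live token.  Installation (ghs_) tokens act for no user, so /user is
    rejected for them; /installation/repositories is the right probe."""
    family = classify(token)
    if family is None:
        raise ValueError("not a GitHub token shape covered here")
    path = "/installation/repositories" if family == "server_to_server_token" else "/user"
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    }
    return "GET", API + path, headers


def revoke_hint(token):
    """Where a token of this family is killed (see 'Revoke the secret')."""
    family = classify(token)
    if family == "server_to_server_token":
        return "DELETE /installation/token, authenticated with the token itself (expires within an hour anyway)"
    if family in ("oauth_access_token", "user_to_server_token"):
        return ("app owner: DELETE /applications/{client_id}/token; "
                "user: revoke the app under Settings > Applications")
    # Classic and fine-grained PATs: the tokens settings page.  GitHub also
    # documents a bulk POST /credentials/revoke endpoint for PATs (assumption
    # of this example: confirm against current docs before using it in IR).
    return "Settings > Developer settings > Personal access tokens (delete the token)"


def live_check(token, timeout=10):
    """Run the probe.  X-OAuth-Scopes is only set for classic PATs and OAuth
    tokens; fine-grained and app tokens carry permissions elsewhere, so an
    empty scope list there does not mean 'no permissions'."""
    method, url, headers = check_request(token)
    req = urllib.request.Request(url, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            scopes = resp.headers.get("X-OAuth-Scopes", "")
            body = json.load(resp)
            identity = body.get("login") or f"{body.get('total_count')} repositories"
            return {"valid": True, "status": resp.status, "identity": identity,
                    "scopes": [s.strip() for s in scopes.split(",") if s.strip()]}
    except urllib.error.HTTPError as err:
        # 401 means revoked or expired; the token is dead.
        return {"valid": False, "status": err.code, "identity": None, "scopes": []}


if __name__ == "__main__":
    import sys
    for tok in sys.argv[1:]:
        fam = classify(tok)
        lifetime = LIFETIME_HOURS.get(fam)
        print(tok[:12] + "...", fam, f"lifetime {lifetime}h" if lifetime else "lifetime: until revoked")
        print("  probe: ", check_request(tok)[1])
        print("  revoke:", revoke_hint(tok))
        print("  live:  ", live_check(tok))
```

Run it as `python3 triage.py ghp_...` against a token you own or are handling in an incident: the probe is itself an authenticated API call and shows up in the token owner's logs. The classifier is deliberately strict about length so that a truncated or pasted-with-noise string is reported as unknown rather than probed.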
Github token
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: 0.06
Prefixed: False
PreValidators:
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^csv?$
    - ^ebuild$
    - ^rst$
    - ^txt$
    - ^xcuserstate$
  banlist_filenames:
    - Cartfile\.resolved
    - Portfile$
    - '[0-9]+\.pack$'
    - \.gitrepo$
    - ^m$
    - _config\.yml$
    - arm64
    - build-log
    - dependencies
    - deps
    - kernel
    - monitor\.log
    - ngsw\.json
    - packages
    - release(_|-)notes
    - search_plus_index\.json
    - vendor
    - vendor\.conf
    - x86
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - gh[-_.]?api[-_]?key
    - gh[-_.]?token
    - github
- type: ContentWhitelistPreValidator
  patterns:
    - '[0-9a-f]{40}'
```
Examples
```yaml
- text: "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19"
  apikey: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19
- text: |
    GitHub(81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b)
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b
- text: |
    GitHubToken = 81c4ef6cabcf4473bb98b28de4fb9ac606b97f61
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f61
- text: |
    GitHubToken = "81c4ef6cabcf4473bb98b28de4fb9ac606b97f62"
  apikey: 81c4ef6cabcf4473bb98b28de4fb9ac606b97f62
```
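The pre-validator chain above is what decides whether the 40-hex pattern is even tried on a file, and it is the reason this detector needs a keyword whitelist and a validity check where the prefixed v2 families below do not. The following is an added example, not GitGuardian's code: the two configurations are copied from this page (this detector and the ghp_ v2 detector further down), but how each pre-validator type is interpreted is this example's own reading of the names (filename banlist rejects a file whose extension or path matches any regex; content whitelist keeps a file only if at least one keyword matches, case-insensitively). The default extension banlist that include_default_banlist_extensions points to is not on the page and is not modelled; check_binaries and ban_markup are ignored; the sample files are constructed.

```python
"""Run a GitGuardian-style pre-validator chain over candidate files before
the secret regex is applied.

Added example, not GitGuardian's code.  The configs are copied from the
page; the semantics of each pre-validator type, the word boundaries on the
hex pattern and the sample files are this example's own assumptions.
"""
import re

# "Github token" detector: legacy 40-hex PATs look exactly like git SHAs,
# hence a keyword whitelist in front of the hex pattern.
GITHUB_TOKEN_PREVALIDATORS = [
    {"type": "FilenameBanlistPreValidator",
     "banlist_extensions": [r"^csv?$", r"^ebuild$", r"^rst$", r"^txt$", r"^xcuserstate$"],
     "banlist_filenames": [r"Cartfile\.resolved", r"Portfile$", r"[0-9]+\.pack$", r"\.gitrepo$",
                           r"^m$", r"_config\.yml$", r"arm64", r"build-log", r"dependencies",
                           r"deps", r"kernel", r"monitor\.log", r"ngsw\.json", r"packages",
                           r"release(_|-)notes", r"search_plus_index\.json", r"vendor",
                           r"vendor\.conf", r"x86"],
     # the default banlist is not on the page and is not modelled here
     "check_binaries": False, "include_default_banlist_extensions": True, "ban_markup": False},
    {"type": "ContentWhitelistPreValidator",
     "patterns": [r"gh[-_.]?api[-_]?key", r"gh[-_.]?token", r"github"]},
    {"type": "ContentWhitelistPreValidator", "patterns": [r"[0-9a-f]{40}"]},
]
CLASSIC_PATTERN = r"\b[0-9a-f]{40}\b"   # word bounds are this example's addition

# "Github personal access token v2" detector: the prefix alone is the keyword.
GHP_V2_PREVALIDATORS = [
    {"type": "FilenameBanlistPreValidator",
     "banlist_extensions": [r"^(cs|x|p|s|r|m)?html5?~?$", r"^[aps]?cssc?~?$", r"^csv?$",
                           r"^ebuild$", r"^storyboard(c|er)?~?$", r"^xib$"],
     "banlist_filenames": [], "check_binaries": False,
     "include_default_banlist_extensions": False, "ban_markup": False},
    {"type": "ContentWhitelistPreValidator", "patterns": [r"ghp_"]},
]
GHP_PATTERN = r"ghp_[A-Za-z0-9]{36}"


def _extension(path):
    """Extension without the dot ('' when there is none), as the banlist regexes expect."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1] if "." in name else ""


def passes_prevalidators(path, content, prevalidators):
    """True if the document survives every pre-validator, evaluated in order."""
    for pv in prevalidators:
        if pv["type"] == "FilenameBanlistPreValidator":
            ext = _extension(path)
            if any(re.search(p, ext) for p in pv["banlist_extensions"]):
                return False
            if any(re.search(p, path) for p in pv["banlist_filenames"]):
                return False
        elif pv["type"] == "ContentWhitelistPreValidator":
            # assumption: keyword matching is case-insensitive (GitHubToken, GITHUB_TOKEN, ...)
            if not any(re.search(p, content, re.IGNORECASE) for p in pv["patterns"]):
                return False
        else:
            raise ValueError("unknown pre-validator type: " + pv["type"])
    return True


def scan(samples, prevalidators, secret_pattern):
    """Map path -> sorted candidate secrets; empty when a pre-validator
    rejected the file or the secret pattern found nothing."""
    out = {}
    for path, content in samples:
        if passes_prevalidators(path, content, prevalidators):
            out[path] = sorted(set(re.findall(secret_pattern, content)))
        else:
            out[path] = []
    return out


# Constructed inputs; the hex strings and the ghp_ token are the page's own examples.
SAMPLES = [
    ("config/settings.py", "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19"),
    ("vendor/lib/settings.py", "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19"),  # path banned
    ("notes.txt", "github_token: 368ac3edf9e850d1c0ff9d6c526496f8237ddf19"),              # extension banned
    ("deploy.sh", "git checkout 81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b"),               # commit SHA, no keyword
    ("src/client.go", 'GitHubToken = "81c4ef6cabcf4473bb98b28de4fb9ac606b97f62"'),
]
V2_SAMPLES = [
    ("app.js", "const token = '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';"),
    ("index.html", "<!-- 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 -->"),   # html banned for v2
    ("deploy.sh", "git checkout 81c4ef6cabcf4473bb98b28de4fb9ac606b97f6b"),  # no ghp_ keyword
]

if __name__ == "__main__":
    for path, found in scan(SAMPLES, GITHUB_TOKEN_PREVALIDATORS, CLASSIC_PATTERN).items():
        print(f"{path:24s} classic -> {found}")
    for path, found in scan(V2_SAMPLES, GHP_V2_PREVALIDATORS, GHP_PATTERN).items():
        print(f"{path:24s} ghp v2  -> {found}")
```

The deploy.sh sample is the point: a bare 40-hex string is a commit SHA far more often than a token, so the classic detector needs surrounding keyword context and, per "Only valid secrets raise an alert: True", a live validity check before it alerts. A ghp_ string is unambiguous, which is why the v2 detectors get by with a prefix whitelist and can alert without validation.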
Github personal access token v2
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 234.2
Prefixed: False
PreValidators:
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^csv?$
    - ^ebuild$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ghp_
```
Examples
```yaml
- text: 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
  apikey: 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
```
Github user to server token v2
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.78
Prefixed: False
PreValidators:
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^csv?$
    - ^ebuild$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ghu_
```
Examples
```yaml
- text: ghu_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
  apikey: ghu_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
```
Github oauth access token v2
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 6.38
Prefixed: False
PreValidators:
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^csv?$
    - ^ebuild$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - gho_
```
Examples
```yaml
- text: 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
  apikey: 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
```
Github server to server token v2
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 1.13
Prefixed: False
PreValidators:
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^csv?$
    - ^ebuild$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ghs_
```
Examples
```yaml
- text: ghs_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
  apikey: ghs_uTzsHn7ntsbrT3RUE7dsGx3Qq4689V2Jzoq0
```
Github fine grained pat
Details
Family: Api
Category: Version control platform
Company: GitHub
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.186
Prefixed: False
PreValidators:
```yaml
- type: ContentWhitelistPreValidator
  patterns:
    - github_pat_
```
Examples
```yaml
- text: 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
  apikey: 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
```