- Documentation: https://docs.github.com/en/rest/overview/other-authentication-methods#via-oauth-and-personal-access-tokens
- Summary: GitHub accounts can be controlled programmatically (create/delete repos, create issues, push commits, ...). A leaked token is especially sensitive when it has many permissions configured. This detector aims to detect token/host pairs used to access resources hosted on on-premise GitHub installations.
- IPs allowlist: To the best of our knowledge, this feature is not supported.
- Scopes: The scopes and permissions of a token can be chosen when creating a GitHub personal access token; see GitHub's documentation.
Tokens can be revoked from the access tokens panel under developer settings by clicking the delete button. For an on-premise installation, the previously mentioned URL needs to be modified.
As far as we know, there is no way to check the last calls made with an API token. GitHub does offer the possibility to review some security logs. This is better than nothing, but it won't tell you whether someone was able to access private repositories, for example.
Github enterprise token
Category: Version control platform
High recall: False
Validity check available: True
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 1.1
```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - cs
    - css
    - ebuild
    - html
    - lock
    - md
    - rst
    - storyboard
    - txt
    - xib
  banlist_filenames:
    - Cartfile\.resolved
    - Portfile$
    - \.gitrepo$
    - ^m$
    - _config\.yml$
    - arm64
    - build-log
    - dependencies
    - deps
    - kernel
    - monitor\.log
    - ngsw\.json
    - packages
    - release[_-]notes
    - search_plus_index\.json
    - vendor
    - vendor\.conf
    - x86
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
    - github\.
- type: BanMinifiedPreValidator
  threshold_minified: 0.6
```
```yaml
- text: >
    repoURL = "https://github.leakyleaky.com/leaman/documents.git"
    - githubAccessToken = "367d3c02f1dc622d340efc5493cea73f3cb924e4"
  apikey: 367d3c02f1dc622d340efc5493cea73f3cb924e4
  host: github.leakyleaky.com
- text: >
    + niqaprocessorgroupid: "8602a810-0164-1000-0000-00005160603a"
    + githubtoken: '28e204929a1e8ebaeb946a76348336fc7fffddbe'
    + githubrepo: 'https://github.leakyleaky.com/raw/platform/nifikls-flows'
    + niencryptionserver: http://aspi-1.dev.invitation.com:11003/encrypt
  apikey: 28e204929a1e8ebaeb946a76348336fc7fffddbe
  host: github.leakyleaky.com
- text: >
    ! [rejected] use_svc_calls_gdco_gpgx -> use_svc_calls_gdco_gpgx (fetch first)
    error: failed to push some refs to 'https://email@example.com/user/altnav.git'
    hint: Updates were rejected because the remote contains work that you do
  apikey: 7b476decd32f22e2d9c00e5836b56a25d7d6e562
  host: ccgithub.dev.leaks.com
```
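The pre-validators and the two-match requirement (token plus host) listed above can be illustrated with a short sketch. This is an added example, not the detector's own code: the token and host regexes, the choice to search filename patterns against the whole path, and the function names are assumptions, and the minified-content check is left out.

```python
import re

# Values copied from the page's pre-validator config (filename list shortened).
BANNED_EXT = {"cs", "css", "ebuild", "html", "lock", "md", "rst",
              "storyboard", "txt", "xib"}
BANNED_NAMES = [re.compile(p) for p in (
    r"Cartfile\.resolved", r"Portfile$", r"\.gitrepo$", r"^m$",
    r"_config\.yml$", r"release[_-]notes", r"vendor")]
CONTENT_REQUIRED = re.compile(r"github\.")

# Assumptions, not the detector's real patterns: tokens are 40 lowercase hex
# characters (as in the page's examples) and a host is a name containing
# "github." followed by at least two labels, which leaves out github.com.
TOKEN_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{40}(?![0-9a-f])")
HOST_RE = re.compile(
    r"(?:[a-z0-9-]+\.)*[a-z0-9-]*github\.[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


def prevalidate(path, content):
    """Return True when the file passes the filename and content checks."""
    base = path.rsplit("/", 1)[-1]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext in BANNED_EXT or any(p.search(path) for p in BANNED_NAMES):
        return False
    return bool(CONTENT_REQUIRED.search(content))


def find_pairs(path, content):
    """Return sorted (token, host) candidates; an empty list means no alert."""
    if not prevalidate(path, content):
        return []
    tokens = set(TOKEN_RE.findall(content))
    hosts = {h.lower() for h in HOST_RE.findall(content)}
    # Two matches are required: a token without a host (or the reverse) yields nothing.
    return sorted((t, h) for t in tokens for h in hosts)


# Constructed input based on the page's first example.
SAMPLE = (
    'repoURL = "https://github.leakyleaky.com/leaman/documents.git"\n'
    'githubAccessToken = "367d3c02f1dc622d340efc5493cea73f3cb924e4"\n'
)

if __name__ == "__main__":
    print(find_pairs("deploy/config.py", SAMPLE))
    print(find_pairs("docs/README.md", SAMPLE))  # banned extension
```

A 40-character hex string is also the shape of a Git commit SHA, so pairs from a sketch like this are only candidates; per the page, the detector raises an alert only when its validity check succeeds.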