Ever wondered what repositories a specific github token has access too. Paul McCarty wrote Gimmepatz which is an awesome tool if you want to automated the scan and extract reports.
While exploring the tool it came me that we dont have a simple navigator which allows me to go through the files in the repository without cloning them locally. So GH Navigator is born (https://github.com/cyfinoid/ghnavigator/)
It has two main modules. :
-
GH Navigator gives you a easy to use GUI repository navigator using github tokens (https://cyfinoid.github.io/ghnavigator/)
-
GH Navigator Token Validator : validates one or more tokens and maps repository permissions, showing control-plane risk. (https://cyfinoid.github.io/ghnavigator/ghcreds.html) : Cant take full credit This is heavily inspired by https://github.com/6mile/gimmepatz
Enjoy github token hunting.