Token Exploiter is a tool designed to analyze GitHub Personal Access Tokens. It provides a comprehensive overview of the permissions and data accessible with a given token, making it useful for security audits and penetration testing.

• Analyze GitHub Personal Access Tokens
• Display user information, repositories, organizations, gists, SSH keys, GPG keys, emails, followers, following, and webhooks
• Export all gathered information to a well-formatted PDF
• Web-based interface with real-time progress updates
• Copy functionality for repository clone commands
• Download functionality for SSH and GPG keys
• Visual representation of token permissions in a tree structure
• Rate limit handling and user notifications

1. Clone the repository:

   git clone https://github.com/psyray/token-exploiter.git
   cd token-exploiter
   

2. Install the package:

   pipx install .
   

1. Run the Token Exploiter:

   token-exploiter
   

2. Open the provided URL in your web browser.

3. Enter a GitHub Personal Access Token and click "Analyze".

4. View the results and use the "Export PDF" button to download a comprehensive report.

• Debug mode: token-exploiter -d
• Custom host and port: token-exploiter -l IP:PORT

• This tool is intended for authorized security testing and auditing purposes only. Always ensure you have permission to analyze tokens and respect GitHub's terms of service and API usage limits.
• SSH and GPG keys are sensitive information. Handle downloaded keys with caution.
• The tool sanitizes key data before download to remove potentially harmful characters.

The PDF export now includes:

• A dedicated page for Token Permissions and Quick Stats
• A visual tree structure for permissions
• Truncated versions of SSH and GPG keys for privacy

Contributions are welcome! Please feel free to submit a Pull Request.

This project is licensed under the GNU GPL 3 License - see the LICENSE file for details.