Skip to content

Instantly share code, notes, and snippets.

@ebicoglu

ebicoglu/github-personal-access-token-validate.md

Created April 18, 2022 21:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ebicoglu/108038573d4a50abef38250aba7bd938 to your computer and use it in GitHub Desktop.
Save ebicoglu/108038573d4a50abef38250aba7bd938 to your computer and use it in GitHub Desktop.
Download ZIP
How to check if a GitHub Personal Access Token is valid
Raw
github-personal-access-token-validate.md
@ebicoglu
Copy link
Author

image
Check out the response of the command where X-OAuth-Scopes shows the permissions of the token

@ZSendokame
Copy link

Hi!
I've recently found a token. It ends with "u2EmB"
I think that you've leaked it. I don't have any bad intentions, just to let you know.

(I am not going to use it)

@ebicoglu
Copy link
Author

ebicoglu commented Dec 13, 2022
edited

Thank you for the feedback @ZSendokame
Can you show me where this token (....e2EmB) is saved?

@ZSendokame
Copy link

Hi! I found the Token on the events API (at https://api.github.com/events), I don't know if it's saved by GitHub, but it disappeared after some time
The API logs every event made by people (Pull requests, push, etc.), it saves the data of every event, including the e-mail that Git uses to push code
So while seeing the JSON, I found the token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment