Source record: ecosyste.ms entry for https://github.com/6mile/gimmepatz (owner 6mile; language Python; license MIT; default branch main; last pushed 2025-07-20; topics: bug-bounty-tools, bugbounty, penetration-testing, penetration-testing-tools, redteam, redteam-tools). Repository description: "Personal Access Token (PAT) recon tool for bug bounty hunters, pentesters & red teams". The repository README follows.

![gimmePATz](images/gimmepatz-github-banner.png)

## :smirk_cat: gimmePATz :smirk_cat: - Personal Access Token (PAT) recon tool

Have you ever found a GitHub or an NPM personal access token (PAT) and wondered "Is this valid?" or "I wonder what a bad guy could do with this?" Well, if so, I've got the tool for you!

Introducing gimmePATz, a comprehensive reconnaissance tool for PATs. gimmePATz will tell you if a PAT is valid and what kind of PAT it is. It provides information about the user account that created the PAT, including what organizations that user is part of and how many followers they have. gimmePATz will show you what scopes a PAT has and what variables or secrets the PAT has access to. gimmePATz will also list the repositories, NPM packages or GitHub Organisations the PAT is attached to, and tell you exactly what permissions the PAT has on each resource. This tool is designed for offensive security practitioners, like bug bounty hunters, pentesters and red teams. By using this tool, you agree to use it in a legal context.

You can point gimmePATz at a file and it will find all the PATs in that file and let you know if they are valid. gimmePATz supports JSON output as well, so you can save the output as JSON and/or pipe the output of gimmePATz into other tools like jq. You can see examples of the different ways to use gimmePATz in the "Advanced Usage" section below.

### Features

- 🔍 **Token Validation** - Verify whether the GitHub or NPM PAT you found is valid and what it has access to
- 🔑 **Permission Analysis** - Detailed breakdown of token scopes with descriptions
- 👤 **User Information** - Details about the user that created the PAT
- 📁 **Repository Discovery** - Find all repositories attached to this PAT
- ☢️ **Enumerate Variables & Secrets** - Identify any GitHub Variables or Secrets the PAT has access to
- 📋 **JSON Output** - Machine-readable format for automation
- 🔒 **Privacy Separation** - Clearly distinguish between private and public repos
- 🏢 **Organization Support** - Tells you what organizations are attached to this PAT
- ⬇️ **Download Repos/Packages** - Download files and repos that are found

### Basic Usage

```bash
gimmepatz.py TOKEN
```

### Prerequisites

- Python 3.6+
- `requests` library (`pip install requests`)
- `git` (for repository downloading)

### Advanced Usage

```bash
# Discover secrets and variables
gimmepatz.py TOKEN --variables

# Include organization repositories
gimmepatz.py TOKEN --org GITHUB_ORGANIZATION

# JSON output for scripting
gimmepatz.py TOKEN --json

# Combined: organization repos + JSON output
gimmepatz.py TOKEN --org GITHUB_ORGANIZATION --json

# Save the JSON output of gimmePATz to a file
gimmepatz.py TOKEN --variables --org target-org --json > assessment.json

# Download all accessible repositories
gimmepatz.py TOKEN --download

# Download only private repositories
gimmepatz.py TOKEN --download --download-type private

# Custom download location
gimmepatz.py TOKEN --download --download-path ./target-repos

# Scan a file to see if it has any PATs in it
gimmepatz.py --scan ./example-file.json
```

### Installation

**Clone or download the script**
```bash
git clone https://github.com/6mile/gimmepatz.git
cd ./gimmepatz/ && chmod u+x ./gimmepatz.py
```

### Command Line Options

| Option | Description |
|--------|-------------|
| `--json` | Output results in JSON format |
| `--variables`, `--var` | Enumerate GitHub variables and secrets |
| `--var-target` | Target scope: `all`, `user`, `repo`, `org` |
| `--var-name` | Specific repository or organization name |
| `--download` | Download all accessible repositories |
| `--download-path` | Custom download directory (default: `repos`) |
| `--download-type` | Filter: `all`, `private`, `public` |
| `--org` | Include specific GitHub organization analysis |
| `--debug` | Enable verbose debug output |
| `--scan` | Scan local files for PATs |

### Output Examples

```
       _                         ______  ___ _____
      (_)                        | ___ \/ _ \_   _|
  __ _ _ _ __ ___  _ __ ___   ___| |_/ / /_\ \| |____
 / _` | | '_ ` _ \| '_ ` _ \ / _ \  __/|  _  || |_  /
| (_| | | | | | | | | | | | |  __/ |   | | | || |/ /
 \__, |_|_| |_| |_|_| |_| |_|\___\_|   \_| |_/\_/___|
  __/ |
 |___/             "Personal Access Token recon tool"
 ----------------------------------------------------
                                           by @6mile

✅ Token is valid

👤 Authenticated as: octocat
   Name: Octocat Maclean
   Account type: User
   Public repos: 4
   Private repos: 3
   Followers: 9714
   Following: 731

🏢 Organization Memberships (2 total):
   👤 Space-Force-Beta (member)
      Name: Space-Force-Beta
      Description: Building cool stuff for space
      Public repos: 2
      Private repos: 1
      URL: https://github.com/Space-Force-Beta

   👑 ThrifyBank (admin)
      Description: The thriftiest Neo Bank in Kansas!
      Public repos: 1
      Private repos: 5
      URL: https://github.com/thrifybank-kansas

🔑 Token Scopes (14 total):
   • codespace:secrets
   • notifications
   • read:audit_log
   • read:discussion
   • read:enterprise
   • read:org
   • read:packages
   • read:project
   • read:public_key
   • read:repo_hook
   • read:user
   • repo
   • user:email
   • workflow

Scope Descriptions:
--------------------------------------------------
  repo: Full access to repositories
  user: Access to user profile information
  notifications: Access to notifications

📊 Rate Limit Status:
   Limit: 5000
   Remaining: 4999
   Reset time: 1234567890

📁 Accessible Repositories:
   Found 25 accessible repositories:
   • 15 private repositories
   • 10 public repositories

🔒 Private Repositories (9):

   📂 octocat (3 private repos):
      • octocat/internal-api (admin)
      • octocat/database (admin)
      • octocat/external-api (admin)

   📂 Space-Force-Beta (1 private repos):
      • Space-Force-Beta/destrukto-beam (admin)

   📂 ThriftyBank (5 private repos):
      • thriftybank-kansas/web (admin)
      • thriftybank-kansas/docker (admin)
      • thriftybank-kansas/database-int (admin)
      • thriftybank-kansas/bank-vault (admin)
      • thriftybank-kansas/SAAS-PORTAL (admin)

🔓 Public Repositories (7):

   📂 octocat (4 public repos):
      • octocat/sdk (admin)
      • octocat/helpdesk-docs (admin)
      • octocat/aws-sdk-helpers (admin)
      • octocat/stinkyCaptain (admin)

   📂 Space-Force-Beta (1 public repos):
      • Space-Force-Beta/destrukto-beam (admin)

   📂 thrifybank-kansas (1 public repos):
      • thrifybank-kansas/node-restify (admin)
```

### JSON Output

```json
{
  "token_valid": true,
  "user_info": {
    "login": "octocat",
    "name": "The Octocat",
    "type": "User",
    "id": 1
  },
  "scopes": ["repo", "user", "notifications"],
  "rate_limit": {
    "limit": 5000,
    "remaining": 4999,
    "reset": 1234567890
  },
  "repositories": {
    "total": 25,
    "private": [
      {
        "name": "mycompany/internal-api",
        "owner": "mycompany",
        "permissions": {
          "admin": true,
          "push": true,
          "pull": true
        },
        "url": "https://github.com/mycompany/internal-api"
      }
    ],
    "public": [
      {
        "name": "octocat/awesome-project",
        "owner": "octocat",
        "permissions": {
          "admin": true,
          "push": true,
          "pull": true
        },
        "url": "https://github.com/octocat/awesome-project"
      }
    ]
  },
  "summary": {
    "total_repos": 25,
    "private_count": 15,
    "public_count": 10,
    "owners": ["mycompany", "octocat"]
  }
}
```

### Token Scopes Reference

| Scope | Description |
|-------|-------------|
| `repo` | Full access to repositories |
| `public_repo` | Access to public repositories only |
| `repo:status` | Access to commit status |
| `repo_deployment` | Access to deployment statuses |
| `user` | Access to user profile information |
| `user:email` | Access to user email addresses |
| `user:follow` | Access to follow/unfollow users |
| `admin:org` | Full access to organization, teams, and memberships |
| `write:org` | Write access to organization and teams |
| `read:org` | Read access to organization and teams |
| `gist` | Write access to gists |
| `notifications` | Access to notifications |
| `workflow` | Access to GitHub Actions workflows |
| `write:packages` | Write access to GitHub packages |
| `read:packages` | Read access to GitHub packages |
| `delete_repo` | Delete access to repositories |

### Security Best Practices

1. **Never commit tokens to version control**
2. **Use environment variables for tokens**
   ```bash
   export TOKEN="your_token_here"
   gimmepatz.py "$TOKEN"
   ```
   Note that the token is still passed as a command-line argument and so can be seen in the process list and in shell history; clear the variable and history entry when you are done.
3. **Regularly audit your tokens** using this tool
4. **Use minimal required scopes** for each token
5. **Set expiration dates** on your tokens when possible
6. **Rotate tokens regularly** as part of security hygiene

### Troubleshooting

#### Common Issues

**"Invalid token or network error"**
- Verify your token is correct and active
- Check internet connectivity
- Ensure the token hasn't expired

**"No repositories found"**
- Token might have limited scopes
- User might not have access to any repositories
- Check if you need to include organization repositories with `--org`

**Rate limit exceeded**
- Wait for the rate limit to reset
- Use authenticated requests (this tool does so automatically)
- Check rate limit status in the output

#### Error Codes

- `200`: Success
- `401`: Bad credentials (invalid token)
- `403`: Rate limit exceeded or insufficient permissions
- `404`: Resource not found (user/organization doesn't exist)

### Contributing

Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.

### License

This project is licensed under the MIT License - see the LICENSE file for details.

### Changelog

#### v0.1.0
- Initial release
- Token validation and scope analysis
- Repository discovery with privacy separation
- JSON output for automation
- Organization repository support
- ASCII art branding

#### v0.3.0
- Added NPM token validation
- Added GitHub Variables and Secrets detection
- Added ability to download repositories found via `--download`

---

**Made with ❤️ by @6mile for my offsec homies**