← All tools
Scan for exposed GitHub tokens
A leaked GitHub PAT can give an attacker read/write access to all your private repositories and CI. GhostCred detects exposed ghp_/gho_/ghs_ tokens and OAuth credentials in your code and config.
Scan for GitHub tokens — freeWhat this checks
- ✓Personal access tokens (ghp_…) and fine-grained tokens
- ✓OAuth and app installation tokens (gho_…, ghs_…)
- ✓Tokens in CI config, Dockerfiles, and .env files
- ✓Deploy keys and credentials in git history
Why it matters
Repo access is lateral-movement gold: source code, more secrets, and your build pipeline. A 60-second check beats discovering it in an incident.
Free first scan. No signup. Results in ~60 seconds.
Scan for GitHub tokens — free