Token-Hunter: Collect OSINT for GitLab groups and members

Token-Hunter is a free and open-source tool available on GitHub. This tool is based upon the technology of OSINT. This tool is a free and open-source tool it means you don’t have to give any amount to anyone. Download and install this tool free of cost This tool is used as intended to complement different tools such as gitrob, gitleaks, TruffleHog. This tool can be used if you or your group is sharing, saving, hosting a project on GitLab. The token hunter can be used to manage tokens of GitLab. This tool is written in python language. You must have python language installed in your kali Linux operating system in order to use the tool. GitLab is a hosting and code-sharing platform just like GitHub. 

Installation

Step 1: Use the following command to install the tool. Use the second command to move into the directory of the tool.

git clone https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter.git

cd token-hunter

Step 2: Now use the following command to install the dependencies of the tool.

pip3 install -r ./requirements.txt

Step 3: Now use the following command to run the tool.

./token-hunter.py

The tool is running successfully.

Now we will see examples to use the tool.

Usage

Example 1: Use the Token-hunter tool to return all the project URLs associated with a group by providing the group ID with the -g switch.

./token-hunter.py -g <g id>

Example 2: Use the Token-hunter tool to Finds all projects for group 123456 as well as all of the personal projects for the group members.

./token-hunter.py -g 123456 -m