🔐 GitHub Enterprise API Key Validator

Comprehensive Security Analysis & Automated Remediation

Python · GitHub API · Security · Compliance

Overview

A comprehensive Python framework to validate GitHub Enterprise API key permissions and enumerate all accessible company information. The tool provides detailed security analysis, compliance checking, and automated remediation suggestions.

At a glance: 60+ permissions tested · 52+ analyzer modules · 55+ report sections · 6 compliance frameworks

🎯 Key Capabilities

  • Comprehensive permission validation across 60+ GitHub API permissions
  • Complete organization and repository enumeration
  • Automated security risk assessment and scoring
  • Multi-framework compliance checking (SOC2, ISO27001, NIST, CIS, PCI-DSS, GDPR)
  • Permission drift detection and historical tracking
  • Automated remediation suggestions with step-by-step guides
  • Rate limit monitoring and optimization
  • Professional HTML reports with interactive visualizations

Core Features

🔑 Permission Validation

Test 60+ GitHub API permissions including:

  • Repository operations (read, write, delete, admin)
  • Organization management
  • Security features (secrets, GPG keys, SSH keys)
  • Code scanning and Dependabot
  • Enterprise features
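The permission checks above rest on two facts about the GitHub REST API: a classic personal access token advertises its granted scopes in the `X-OAuth-Scopes` response header (fine-grained tokens and GitHub App tokens do not), and an endpoint the token cannot reach answers 403 or, for private resources it is not allowed to know about, 404. The following is an added example of that probing logic written for this page; it is not the project's own code. The probe names, the `Fetcher` signature and the fake API responses are constructed assumptions so that it runs offline.

```python
"""Work out what a GitHub token can do: read classic-PAT scopes from the
X-OAuth-Scopes response header, then probe read-only endpoints and classify
each by HTTP status. Runs offline against a constructed fake API."""
from typing import Callable, Dict, Tuple

# A fetcher takes (method, path) and returns (status, headers, body_text).
# In real use this wraps urllib/requests against https://api.github.com with
# an Authorization header; the fake below is constructed test data.
Fetcher = Callable[[str, str], Tuple[int, Dict[str, str], str]]

# Only GET probes, so validation never mutates the target. The keys are this
# example's own labels (assumption), not GitHub's permission identifiers.
PROBES = {
    "org:read_members":   ("GET", "/orgs/{org}/members"),
    "org:read_hooks":     ("GET", "/orgs/{org}/hooks"),
    "actions:secrets":    ("GET", "/repos/{org}/{repo}/actions/secrets"),
    "repo:code_scanning": ("GET", "/repos/{org}/{repo}/code-scanning/alerts"),
    "repo:hooks":         ("GET", "/repos/{org}/{repo}/hooks"),
}

# Classic scopes that give a leaked token a disproportionate blast radius.
HIGH_RISK_SCOPES = {"repo", "admin:org", "admin:org_hook", "admin:repo_hook",
                    "delete_repo", "workflow", "admin:enterprise", "delete:packages"}


def token_scopes(headers: Dict[str, str]) -> set:
    """Classic PATs advertise granted scopes in X-OAuth-Scopes. Fine-grained
    PATs and GitHub App tokens omit the header, so an empty set means
    'no scope metadata', not 'no permissions': fall back to probing."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-oauth-scopes", "")
    return {s.strip() for s in raw.split(",") if s.strip()}


def classify(status: int) -> str:
    """Map an HTTP status to a permission verdict. GitHub answers 404 (not 403)
    for private resources the token cannot see, so 404 stays ambiguous."""
    if 200 <= status < 300:
        return "granted"
    if status == 401:
        return "invalid_token"
    if status == 403:
        return "denied"
    if status == 404:
        return "denied_or_missing"
    if status == 429:
        return "rate_limited"
    return "unknown"


def probe_permissions(fetch: Fetcher, org: str, repo: str) -> dict:
    """Validate the token once via /user, then run every probe."""
    status, headers, _ = fetch("GET", "/user")
    if status == 401:
        return {"valid": False, "scopes": set(), "probes": {}}
    result = {"valid": True, "scopes": token_scopes(headers), "probes": {}}
    for name, (method, path) in PROBES.items():
        st, _, _ = fetch(method, path.format(org=org, repo=repo))
        result["probes"][name] = classify(st)
    return result


def overprivileged(result: dict) -> list:
    """Classic scopes on the token that exceed what a read-only validator
    needs; each one is a least-privilege finding."""
    return sorted(result["scopes"] & HIGH_RISK_SCOPES)


# Constructed fake API: a classic PAT carrying 'repo' and 'read:org'. It can
# list members and repo hooks but not org hooks (404) or code scanning (403).
FAKE_RESPONSES = {
    "/user": (200, {"X-OAuth-Scopes": "repo, read:org"}, '{"login":"svc-bot"}'),
    "/orgs/acme/members": (200, {}, "[]"),
    "/orgs/acme/hooks": (404, {}, '{"message":"Not Found"}'),
    "/repos/acme/app/actions/secrets": (200, {}, '{"total_count":0,"secrets":[]}'),
    "/repos/acme/app/code-scanning/alerts": (403, {}, '{"message":"Resource not accessible"}'),
    "/repos/acme/app/hooks": (200, {}, "[]"),
}


def fake_fetch(method: str, path: str):
    return FAKE_RESPONSES.get(path, (404, {}, '{"message":"Not Found"}'))


if __name__ == "__main__":
    report = probe_permissions(fake_fetch, "acme", "app")
    print(report, overprivileged(report))
```

Treat `denied_or_missing` as a separate verdict in reports rather than folding it into `denied`: an org webhook listing that 404s may mean the token lacks `admin:org_hook`, or simply that the org has no hooks API exposed to that token, and the validator cannot tell which without a second signal.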

🏢 Company Enumeration

Comprehensive organization data collection:

  • Repositories, teams, and members
  • Webhooks and secrets (for secrets the API returns names and timestamps only, never values)
  • Workflows and Actions
  • Projects and issues
  • Enterprise-wide runner telemetry

⚡ GitHub Actions Detection

Automatically surface CI/CD information:

  • Workflows and workflow runs
  • Artifacts and logs
  • Actions secrets and variables
  • Runner configurations
  • Organization-level secrets

🛡️ Security Analysis

Advanced security assessment:

  • Code scanning alerts
  • Secret scanning alerts
  • Branch protection rules
  • Vulnerability alerts
  • Dependency graph analysis
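Of the checks listed above, branch protection is the one where a single misconfigured flag silently undoes the rest. An added example of evaluating the JSON that `GET /repos/{owner}/{repo}/branches/{branch}/protection` returns follows; this is illustration code written for this page, not the project's analyzer. The finding identifiers, severities and the two-approval threshold are this example's own assumptions, and the sample rule is constructed. A 404 from that endpoint means the branch is unprotected, modelled here as `protection=None`.

```python
"""Score a branch protection rule as returned by
GET /repos/{owner}/{repo}/branches/{branch}/protection."""
import json
from typing import List, Optional, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
Finding = Tuple[str, str, str]  # (id, severity, message); ids are this example's own


def evaluate_branch_protection(protection: Optional[dict], min_reviews: int = 2) -> List[Finding]:
    """Return every weakness found; an empty list means the rule is hardened."""
    if protection is None:  # endpoint returned 404 "Branch not protected"
        return [("unprotected", "critical", "branch has no protection rule")]
    f: List[Finding] = []
    if not protection.get("enforce_admins", {}).get("enabled", False):
        f.append(("admins_not_enforced", "high", "admins can bypass the rule"))
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        f.append(("no_required_reviews", "critical", "direct pushes allowed without review"))
    else:
        if reviews.get("required_approving_review_count", 0) < min_reviews:
            f.append(("too_few_reviews", "medium", f"fewer than {min_reviews} approvals required"))
        if not reviews.get("dismiss_stale_reviews", False):
            f.append(("stale_reviews_kept", "medium", "approval survives later pushes"))
        if not reviews.get("require_code_owner_reviews", False):
            f.append(("no_codeowner_review", "low", "CODEOWNERS review not enforced"))
    checks = protection.get("required_status_checks")
    if checks is None:
        f.append(("no_status_checks", "high", "merges allowed without CI"))
    elif not checks.get("strict", False):
        f.append(("status_checks_not_strict", "low", "branch need not be up to date before merge"))
    if protection.get("allow_force_pushes", {}).get("enabled", False):
        f.append(("force_push_allowed", "high", "history can be rewritten"))
    if protection.get("allow_deletions", {}).get("enabled", False):
        f.append(("deletion_allowed", "high", "protected branch can be deleted"))
    if not protection.get("required_signatures", {}).get("enabled", False):
        f.append(("unsigned_commits_allowed", "low", "commit signatures not required"))
    return f


def worst_severity(findings: List[Finding]) -> str:
    if not findings:
        return "none"
    return max(findings, key=lambda x: SEVERITY_RANK[x[1]])[1]


# Constructed sample in the shape of the API response: one approval, admins
# exempt, force pushes allowed.
SAMPLE_PROTECTION = json.dumps({
    "required_status_checks": {"strict": False, "contexts": ["ci/build"]},
    "enforce_admins": {"enabled": False},
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": False,
        "require_code_owner_reviews": False,
        "required_approving_review_count": 1,
    },
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
    "required_signatures": {"enabled": False},
    "required_linear_history": {"enabled": False},
})


def scan_sample() -> List[Finding]:
    return evaluate_branch_protection(json.loads(SAMPLE_PROTECTION))


if __name__ == "__main__":
    for fid, sev, msg in scan_sample():
        print(f"{sev:8} {fid}: {msg}")
```

The `enforce_admins` check deserves the weight it gets here: with it off, every other control is advisory for anyone holding admin on the repository, which is exactly the population a leaked high-privilege token lands in.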

📊 Risk Scoring

Intelligent risk assessment:

  • Weighted risk scoring system
  • Priority-based categorization
  • Interactive visualizations
  • Overall risk calculation
  • Actionable recommendations

✅ Compliance Checking

Multi-framework compliance validation:

  • SOC2 compliance
  • ISO27001 standards
  • NIST Cybersecurity Framework
  • CIS Benchmarks
  • PCI-DSS and GDPR

📈 Permission Drift Detection

Track permission changes over time:

  • Historical permission snapshots
  • Change detection and comparison
  • Critical change alerts
  • Drift analysis and reporting
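The weighted risk score described under Risk Scoring and the snapshot comparison described here operate on the same data: a map from permission name to verdict. The block below is an added example covering both, written for this page rather than taken from the project. The permission names, the 0 to 10 weights, the score thresholds and the two snapshots are all constructed assumptions; the point is the shape of the logic (score the current snapshot, then flag any newly granted high-weight permission as a critical change while treating tightened permissions as informational).

```python
"""Weighted risk score for a permission snapshot plus drift detection between
two snapshots. Snapshot = {permission_name: "granted" | "denied"}."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Illustrative weights (assumption): what a leaked token holding this permission
# lets an attacker do. Unknown names default to 5 so they are never ignored.
WEIGHTS: Dict[str, int] = {
    "org:admin": 10,
    "repo:delete": 10,
    "repo:admin": 9,
    "actions:secrets:read": 8,
    "workflow:write": 8,
    "repo:contents:write": 7,
    "org:members:read": 3,
    "repo:contents:read": 2,
}
DEFAULT_WEIGHT = 5


def risk_score(snapshot: Dict[str, str]) -> Tuple[float, str]:
    """Percentage of the snapshot's total weight that is actually granted,
    bucketed into a priority. An empty snapshot scores 0 / low."""
    total = sum(WEIGHTS.get(p, DEFAULT_WEIGHT) for p in snapshot)
    granted = sum(WEIGHTS.get(p, DEFAULT_WEIGHT)
                  for p, v in snapshot.items() if v == "granted")
    score = round(100.0 * granted / total, 1) if total else 0.0
    if score >= 75:
        priority = "critical"
    elif score >= 50:
        priority = "high"
    elif score >= 25:
        priority = "medium"
    else:
        priority = "low"
    return score, priority


@dataclass(frozen=True)
class Change:
    permission: str
    before: str   # "granted", "denied" or "absent" (not in that snapshot)
    after: str
    severity: str


def detect_drift(old: Dict[str, str], new: Dict[str, str]) -> List[Change]:
    """Compare two snapshots. Newly granted permissions are rated by weight;
    anything lost or tightened is reported as low so it is visible but not alarming."""
    changes: List[Change] = []
    for perm in sorted(set(old) | set(new)):
        before, after = old.get(perm, "absent"), new.get(perm, "absent")
        if before == after:
            continue
        if after == "granted":
            w = WEIGHTS.get(perm, DEFAULT_WEIGHT)
            severity = "critical" if w >= 8 else "high" if w >= 5 else "medium"
        else:
            severity = "low"
        changes.append(Change(perm, before, after, severity))
    return changes


def critical_changes(changes: List[Change]) -> List[str]:
    return [c.permission for c in changes if c.severity == "critical"]


# Constructed snapshots: yesterday's token was read-only; today it can read
# Actions secrets and delete repositories, and lost content read access.
SNAPSHOT_OLD = {"repo:contents:read": "granted", "org:members:read": "granted",
                "repo:delete": "denied"}
SNAPSHOT_NEW = {"repo:contents:read": "denied", "org:members:read": "granted",
                "repo:delete": "granted", "actions:secrets:read": "granted"}

if __name__ == "__main__":
    print("old:", risk_score(SNAPSHOT_OLD), "new:", risk_score(SNAPSHOT_NEW))
    for c in detect_drift(SNAPSHOT_OLD, SNAPSHOT_NEW):
        print(f"{c.severity:8} {c.permission}: {c.before} -> {c.after}")
```

Persist snapshots with a timestamp and the token's identity (the `/user` login or app installation id), not just the permission map; otherwise a drift report cannot distinguish "this token gained admin" from "someone swapped in a different token".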

🔧 Automated Remediation

Actionable remediation suggestions:

  • Prioritized remediation steps
  • Step-by-step guides
  • Ready-to-use commands
  • External references
  • Effort and impact assessment

📊 Rate Limit Monitoring

Intelligent API usage management:

  • Real-time rate limit tracking
  • Usage percentage and status
  • Resource-specific limits
  • Automatic wait-for-reset
  • Usage recommendations
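Every GitHub REST response carries `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset` (UTC epoch seconds) and `X-RateLimit-Resource`, and `GET /rate_limit` (which is itself not counted) reports each pool separately. Secondary limits arrive as a 403 or 429 with a `Retry-After` header and must be honoured before anything else. The block below is an added example of the bookkeeping those facts imply, written for this page and not taken from the project; the 75 / 95 percent status thresholds and the sample headers and payload are constructed assumptions.

```python
"""Rate-limit handling for the GitHub REST API: read the X-RateLimit-* headers,
decide how long to back off on 403/429, and summarise the per-resource pools
from GET /rate_limit. Offline: all inputs are constructed."""
import json
from typing import Dict


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v for k, v in headers.items()}


def _status(pct: float) -> str:
    # Thresholds are this example's assumption.
    return "ok" if pct < 75 else "warning" if pct < 95 else "critical"


def parse_rate_limit(headers: Dict[str, str]) -> dict:
    """Usage percentage and status for the pool this response was charged to."""
    h = _lower(headers)
    limit = int(h["x-ratelimit-limit"])
    remaining = int(h["x-ratelimit-remaining"])
    pct = 100.0 * (limit - remaining) / limit if limit else 100.0
    return {
        "resource": h.get("x-ratelimit-resource", "core"),
        "limit": limit,
        "remaining": remaining,
        "used_pct": round(pct, 1),
        "reset_epoch": int(h["x-ratelimit-reset"]),
        "status": _status(pct),
    }


def seconds_to_wait(status_code: int, headers: Dict[str, str], now: int) -> int:
    """0 means proceed. Retry-After (secondary limit) wins; otherwise a 403/429
    with Remaining: 0 is the primary limit, so sleep until reset plus a one-second margin."""
    h = _lower(headers)
    if "retry-after" in h:
        return int(h["retry-after"])
    if status_code in (403, 429) and h.get("x-ratelimit-remaining") == "0":
        return max(0, int(h["x-ratelimit-reset"]) - now) + 1
    return 0


def summarize_pools(rate_limit_json: str) -> Dict[str, dict]:
    """Per-resource view of the GET /rate_limit payload."""
    pools = json.loads(rate_limit_json)["resources"]
    out = {}
    for name, p in pools.items():
        pct = 100.0 * p["used"] / p["limit"] if p["limit"] else 100.0
        out[name] = {"used_pct": round(pct, 1), "remaining": p["remaining"],
                     "status": _status(pct)}
    return out


# Constructed sample data in the real header / payload shapes.
SAMPLE_HEADERS = {
    "X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "200",
    "X-RateLimit-Reset": "1700000030", "X-RateLimit-Resource": "core",
}
SAMPLE_RATE_LIMIT = json.dumps({"resources": {
    "core":    {"limit": 5000, "used": 4800, "remaining": 200,  "reset": 1700000030},
    "search":  {"limit": 30,   "used": 5,    "remaining": 25,   "reset": 1700000010},
    "graphql": {"limit": 5000, "used": 4000, "remaining": 1000, "reset": 1700000030},
}, "rate": {"limit": 5000, "used": 4800, "remaining": 200, "reset": 1700000030}})

if __name__ == "__main__":
    print(parse_rate_limit(SAMPLE_HEADERS))
    print(summarize_pools(SAMPLE_RATE_LIMIT))
```

The search pool is the one an enumerator exhausts first (30 requests per minute for authenticated users), so a tool that leans on code search to find secrets should watch that pool rather than the core one.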

52+ Analyzer Modules

Comprehensive analysis modules covering every aspect of GitHub API access and security.

🔐 Security & Access

Security Analyzer

  • Code scanning alerts
  • Secret scanning alerts
  • Dependabot alerts
  • Branch protection

Repository Analyzer

  • Repository settings
  • Security policies
  • Vulnerability alerts
  • Dependency graph

Webhook Analyzer

  • Repository webhooks
  • Organization webhooks
  • Webhook configurations
  • Event subscriptions

Environment Secrets

  • Environment secrets
  • Environment variables
  • Protection rules
  • Deployment branches

👥 Collaboration & Content

Issues & PRs

  • Issues analysis
  • Pull requests
  • PR reviews
  • PR files changed

Content Analyzer

  • Repository content
  • File analysis
  • Directory structure
  • Code patterns

Commit Analyzer

  • Commit history
  • Commit comments
  • Commit statistics
  • Author analysis

Team Analyzer

  • Team members
  • Team permissions
  • Team repositories
  • Team structure

📦 Resources & Packages

Packages Analyzer

  • Package registries
  • Package versions
  • Package permissions
  • Package usage

Dependency Analyzer

  • Dependency graph
  • Vulnerable dependencies
  • License information
  • Dependency updates

Releases & Assets

  • Release information
  • Release assets
  • Asset downloads
  • Release statistics

Repository Statistics

  • Traffic statistics
  • Clone statistics
  • View statistics
  • Engagement metrics

🔍 Advanced Analysis

Actions Detector

  • Workflow detection
  • Workflow runs
  • Artifact details
  • Workflow logs

Codespaces Detector

  • Codespace configurations
  • Codespace usage
  • Secrets in codespaces

Audit Log Analyzer

  • Enterprise audit logs
  • Activity patterns
  • Security events

User Activity

  • User activity patterns
  • Access patterns
  • Usage statistics

📋 Complete Analyzer List

Actions Detector, Security Analyzer, Repository Analyzer, Codespaces Detector, Issues/PRs Analyzer, Content Analyzer, Packages Analyzer, Token Metadata, Repository Insights, Audit Log Analyzer, Gists Analyzer, User Activity, Discussions Analyzer, Commit Analyzer, Branch Analyzer, Team Analyzer, Notification Analyzer, Webhook Analyzer, OAuth App Analyzer, GitHub App Analyzer, Dependency Analyzer, PR Reviews Analyzer, Repository Settings Analyzer, Organization Settings Analyzer, Environment Secrets Analyzer, Milestones Analyzer, Labels Analyzer, Projects Analyzer, Reactions Analyzer, Commit Comments Analyzer, PR Files Analyzer, Issue Events Analyzer, Contributors Analyzer, Stargazers/Watchers Analyzer, Fork Network Analyzer, Release Assets Analyzer, Repository Invitations Analyzer, Repository Transfer Analyzer, Workflow Run Logs Analyzer, Artifact Details Analyzer, Secret Scanning Alerts Analyzer, Code Scanning Alerts Analyzer, Repository Topics Analyzer, Repository Languages Analyzer, Enterprise Settings Analyzer, Repository Statistics Analyzer, and more.

Automated Remediation Engine

Intelligent remediation suggestions with step-by-step guides, commands, and references.

🎯 Priority-Based Remediation

  • Critical - Immediate action required
  • High - Address within 24-48 hours
  • Medium - Address within a week
  • Low - Address during next review

📝 Comprehensive Guidance

  • Detailed step-by-step instructions
  • Ready-to-use commands
  • External documentation links
  • Effort and impact assessment
  • Category-based organization

🔍 Smart Analysis

  • Permission analysis
  • Resource analysis
  • Compliance findings
  • Drift detection
  • Risk assessment integration

Example Remediation Categories

  • Permissions: Reduce admin permissions, remove delete access, implement least privilege
  • Secrets: Rotate exposed secrets, secure secret access, implement rotation policies
  • Access Control: Review repository access, implement RBAC, audit permissions
  • Network Security: Secure exposed runners, review webhooks, implement network isolation
  • Compliance: Address compliance violations, implement required controls

Compliance Frameworks

Automated compliance checking against industry-standard frameworks.

📋 SOC2

  • CC6.1 - Logical and physical access controls
  • CC6.2 - Access credentials and authentication
  • CC7.1 - System operations

🌐 ISO27001

  • A.9.2 - User access management
  • A.9.4 - System and application access control
  • Access control policies (ISO/IEC 27001:2013 Annex A numbering)

🛡️ NIST CSF

  • PR.AC - Identity Management, Authentication and Access Control
  • Access Control
  • Least privilege principle

✅ CIS Benchmarks

  • CIS 1.1 - MFA requirements
  • CIS 2.1 - Administrative access limits
  • Security hardening

💳 PCI-DSS

  • Requirement 7 - Restrict access
  • Cardholder data protection
  • Access controls

🔒 GDPR

  • Article 32 - Security of processing
  • Data protection measures
  • Privacy controls

Usage Examples

Basic Usage

# Validate permissions and enumerate company info
python main.py --api-key $GITHUB_TOKEN --company celfocus

# Generate comprehensive security report
python main.py --api-key $GITHUB_TOKEN --company celfocus \
    --enterprise-slug celfocus --all-orgs \
    --generate-report security_report.html \
    --monitor-rate-limit --detect-drift \
    --check-compliance all \
    --output-dir ./reports

Note that the shell expands $GITHUB_TOKEN before main.py starts, so the token value is visible in the process table (ps) for the duration of the run and in any wrapper that logs command lines. Run the tool from a controlled host, and treat the output directory as sensitive: it contains the enumerated organization data, secret names and webhook configurations.

Advanced Features

# With rate limit monitoring
python main.py --api-key $GITHUB_TOKEN --company celfocus \
    --monitor-rate-limit

# With permission drift detection
python main.py --api-key $GITHUB_TOKEN --company celfocus \
    --detect-drift

# With specific compliance frameworks
python main.py --api-key $GITHUB_TOKEN --company celfocus \
    --check-compliance SOC2 ISO27001

# Export in multiple formats
python main.py --api-key $GITHUB_TOKEN --company celfocus \
    --generate-report report \
    --export-format html pdf excel json

CLI Options

Core Options

  • --api-key - GitHub API token
  • --company - Organization name
  • --enterprise-slug - Enterprise slug
  • --all-orgs - Enumerate all orgs

Analysis Options

  • --validate - Validate permissions
  • --enumerate - Enumerate resources
  • --generate-report - Generate HTML report
  • --test-all - Run test suite

Advanced Options

  • --monitor-rate-limit - Monitor API usage
  • --detect-drift - Detect permission changes
  • --check-compliance - Check compliance
  • --export-format - Export formats
  • --output-dir - Directory for generated reports