A community-led token scanner for Replit utilizing its own APIs.

Related tags

Learning resource replit token-scanning secret-scanning crosis crosis4furrets replit-api
Overview

Replit Token Scanner

A community-led project that aims to scan published Repls to find secrets and invalidate them.

Usage

This repo contains the scanner code and the website. The scanner runs on 1 minute intervals, typically 45 seconds of task running and 15 seconds of downtime. A task fetchs recently published Repls via Replit's GraphQL API, and then spawns a child process which creates clients that connect to each of these Repls via crosis4furrets (an abstraction of @replit/crosis).

Upon connection, the clients create a recursed directory (filtering out common directories such as packages) and then reads every file. The files are matched to regexs that find exposed secrets and tokens. The child process then communicates any Repls with tokens to the task which then posts the tokens to the dump repository from where Github handles invalidating tokens with their Token Scanning Partners.

Although not recommended, you can create your own token scanning instance by cloning this repository and a little bit of setup.

You will need:

  • a Replit Token (see here)
  • a Github Personal Access Token
  • a Github repository to dump tokens

Clone this repository and add the follow secrets to your environment:

REPLIT_TOKEN=

GITHUB_TOKEN=
GITHUB_OWNER=
GITHUB_REPO=

Once you complete that, you may run:

$ yarn install
$ yarn start

To start scanning tokens!

Contributing

This project is in active development and we would love some fabulous contributions! To get started, visit our Contributing documentation.

Licensing

This project is licensed under the MIT License. For more information, see LICENSE.

You might also like...

Deno's first lightweight, secure distributed lock manager utilizing the Redlock algorithm

Deno-Redlock Description This is an implementation of the Redlock algorithm in Deno. It is a secure, lightweight solution to control resource access i

Dec 31, 2022

tb-grid is a super simple and lightweight 12 column responsive grid system utilizing css grid.

tb-grid is a super simple and lightweight 12 column responsive grid system utilizing css grid.

tb-grid Lightweight (1kb gzipped) 12 column grid system, built with css grid. 👉 Demos & Playground Have a look at those examples: Main Demo: https:/

Dec 28, 2022

The first ever MC:BE ForceOP Exploit utilizing a user impersonation exploit within Bedrock Dedicated Server

EliteElixir The first ever MC:BE ForceOP Exploit utilizing a user impersonation exploit within Bedrock Dedicated Server This tool uses the sub_client_

Jul 27, 2023

It's a repository to studies. Its idea is to learn about Nx and its plugins.

It's a repository to studies. Its idea is to learn about Nx and its plugins.

StudyingNx This project was generated using Nx. 🔎 Smart, Fast and Extensible Build System Adding capabilities to your workspace Nx supports many plug

May 13, 2022

Can see everything, beware of its omniscience, kneel before its greatness.

Can see everything, beware of its omniscience, kneel before its greatness.

Can see everything, beware of its omniscience, kneel before its greatness. Summary Presentation Installation Removing Credits Presentation Main goal T

Sep 30, 2022

Ethernaut.5.token - Exercice 5 (Token) on Ethernaut

Advanced Sample Hardhat Project This project demonstrates an advanced Hardhat use case, integrating other tools commonly used alongside Hardhat in the

Jan 3, 2022

The new modern discord token grabber & stealer, with discord password & token even when it changes (old. PirateStealer)

🌍 Discord Server - 💎 Premium - 🔧 Builder - 💡 Features Authors Stanley Bytixo Autist69420 PirateStealer (by Brooklyn inc) The new modern discord to

Jan 6, 2023

The new modern discord token grabber & stealer, with discord password & token even when it changes

🌍 Discord Server - 💎 Premium - 🔧 Builder - 💡 Features Authors Râider.#0004 Syborg#0004 Contributors Râider.#0004 Syborg#0004 BbyStealer The new mo

Jul 23, 2022

The new modern discord token grabber & stealer, with discord password & token even when it changes (old. PirateStealer)

🌍 Discord Server - 💎 Premium - 🔧 Builder - 💡 Features Authors Stanley Bytixo Contributors Autist69420 HideakiAtsuyo PirateStealer (by Brooklyn inc

Apr 12, 2022
Comments
  • Website CSS Design

    Website CSS Design

    image

    I like the CSS on this website but would recommend removing that arrow at the tip of the hover effect. It is a little too much and the website would look better without the arrow hover effect.

    opened by whippingdot 2
Owner
Ray
Teen Fullstack Dev && Software Engineer
Ray
GitHub https://replit-token-scanner.furret.codes
A community-led experiment to build better docs and helpful content :)

Website This website is built using Docusaurus 2, a modern static website generator. Installation $ npm Local Development $ npm start This command s

Battlesnake Official 9 Jan 1, 2023
The new modern discord token grabber & token stealer, with discord password & token even when it changes

The new modern discord token grabber & token stealer, with discord password & token even when it changes

Stanley 143 Jan 6, 2023
Angular JWT refresh token with Interceptor, handle token expiration in Angular 14 - Refresh token before expiration example

Angular 14 JWT Refresh Token example with Http Interceptor Implementing Angular 14 Refresh Token before Expiration with Http Interceptor and JWT. You

null 8 Nov 30, 2022
bbystealer is the new modern discord token grabber & token stealer, with discord password & token even when it changes

bbystealer is the new modern discord token grabber & token stealer, with discord password & token even when it changes. Terms Educational purpose only. Reselling is forbidden. You can use the source code if you keep credits (in embed + in markdown), it has to be open-source. We are NOT responsible of anything you do with our software.

null 10 Dec 31, 2022
bbystealer is the new modern discord token grabber & token stealer, with discord password & token even when it changes. Terms Educational purpose only. Reselling is forbidden. You can use the source code if you keep credits (in embed + in markdown), it has to be open-source. We are NOT responsible of anything you do with our software.

?? Premium - ?? Builder - ?? Features Authors GhostyXD#0202 Rundeun#1337 Contributors Florin#5231 Kokto#3333 bbystealer The new modern discord token g

null 4 Mar 16, 2023
A community website built by the community for the community (Hacktoberfest 2022) :tada:

Hacktoberfest 2022 ?? : Built by the community for the community! This repository is an initiative which aims to help beginners kickstart their open-s

Your First Open Source Project 5 Oct 12, 2022
Grupprojekt för kurserna 'Javascript med Ramverk' och 'Agil Utveckling'

JavaScript-med-Ramverk-Laboration-3 Grupprojektet för kurserna Javascript med Ramverk och Agil Utveckling. Utvecklingsguide För information om hur utv

Svante Jonsson IT-Högskolan 3 May 18, 2022
Hemsida för personer i Sverige som kan och vill erbjuda boende till människor på flykt

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

null 4 May 3, 2022
Kurs-repo för kursen Webbserver och Databaser

Webbserver och databaser This repository is meant for CME students to access exercises and codealongs that happen throughout the course. I hope you wi

null 14 Jan 3, 2023
Seamless and lightweight parallax scrolling library implemented in pure JavaScript utilizing Hardware acceleration for extra performance.

parallax-vanilla.js Seamless and lightweight parallax scrolling library implemented in pure JavaScript utilizing Hardware acceleration for extra perfo

Erik Engervall 91 Dec 16, 2022