fake-tokens

# fake-tokens - Generate fake access tokens ![fake-tokens](https://github.com/6mile/fake-tokens/blob/e995c41f8b91ed5735c5dcadca9d18d9a6486b16/images/fake-tokens-banner-smaller.png) ## Overview Have you ever needed fake GitHub, NPM, GitLab or AWS credentials for testing? I did, but when I went looking for a library to use, I couldn't find any, so I wrote my own. fake-tokens is a Javascript library and CLI that generates fake access tokens for testing and development purposes. fake-tokens currently supports GitHub, NPM, GitLab and AWS tokens. These tokens are intended for use in unit tests, development environments, and other scenarios where you need placeholder authentication data. Security researchers, red teams and bug bounty hunters can use fake-tokens to test their tooling. Finally, you can import the library and use it in your project, or you can run it as a CLI tool. **WARNING: All generated tokens are fake and cannot be used for actual authentication with any service.** ## Supported Token Types - **GitHub Classic**: `ghp_` prefix, 40 characters total - **GitHub Fine-grained**: `github_pat_` prefix, 93 characters total (customizable) - **GitLab**: `glpat-` prefix, 26 characters total - **NPM**: `npm_` prefix, 40 characters total - **AWS Access Key**: `AKIA` prefix, 20 characters total - **AWS Secret Key**: 40-character base64-like string ## Installation ```bash npm install fake-tokens ``` ## Usage ### Use fake-tokens CLI Generate a single GitHub classic token (default): ```bash fake-tokens ``` ### Specify Token Type Generate different types of tokens: ```bash fake-tokens -t github_classic fake-tokens -t github_fine_grained fake-tokens -t gitlab fake-tokens -t npm fake-tokens -t aws_access_key fake-tokens -t aws_secret_key ``` ### Generate Multiple Tokens Generate multiple tokens of the same type: ```bash fake-tokens -c 5 # 5 GitHub classic tokens fake-tokens -c 10 -t npm # 10 NPM tokens fake-tokens -c 3 -t aws_access_key # 3 AWS access keys ``` ### Command Line Parameters - `-t, --type`: Token type to generate (default: github_classic) - `-c, --count`: Number of tokens to generate (default: 1) - `-h, --help`: Show help message ### Help ```bash fake-tokens --help ``` ## Examples ### Generate AWS Credentials for Testing ```bash # Generate access key fake-tokens -t aws_access_key # Output: AKIAIOSFODNN7EXAMPLE # Generate secret key fake-tokens -t aws_secret_key # Output: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` ### Generate Multiple GitHub Tokens ```bash fake-tokens -c 3 -t github_classic # Output: # ghp_1234567890abcdef1234567890abcdef12345678 # ghp_abcdef1234567890abcdef1234567890abcdef12 # ghp_567890abcdef1234567890abcdef1234567890ab ``` ### Use fake-tokens inline to generate fake access tokens ```bash GITHUB_TOKEN=$(fake-tokens -t github_classic) AWS_ACCESS_KEY_ID=$(fake-tokens -t aws_access_key) AWS_SECRET_ACCESS_KEY=$(fake-tokens -t aws_secret_key) ``` ## Using fake-tokens as a Javascript module ```javascript const TestTokenGenerator = require('fake-tokens'); const generator = new TestTokenGenerator(); // Generate single tokens const githubToken = generator.generateGitHubClassicToken(); const npmToken = generator.generateNpmToken(); const awsAccessKey = generator.generateAwsAccessKey(); // Generate multiple tokens const multipleTokens = generator.generateBatch(5, 'github_classic'); console.log('GitHub Token:', githubToken); console.log('NPM Token:', npmToken); console.log('AWS Access Key:', awsAccessKey); console.log('Multiple Tokens:', multipleTokens); ``` #### Methods ##### generateGitHubClassicToken(ensureUnique = true) Returns a fake GitHub classic token starting with `ghp_`. ##### generateGitHubFineGrainedToken(length = 93, ensureUnique = true) Returns a fake GitHub fine-grained token starting with `github_pat_`. ##### generateGitLabToken(ensureUnique = true) Returns a fake GitLab token starting with `glpat-`. ##### generateNpmToken(ensureUnique = true) Returns a fake NPM token starting with `npm_`. ##### generateAwsAccessKey(ensureUnique = true) Returns a fake AWS access key starting with `AKIA`. ##### generateAwsSecretKey(ensureUnique = true) Returns a fake AWS secret key (40 characters). ##### generateBatch(count, tokenType = "github_classic") Returns an array of fake tokens of the specified type. ##### clearHistory() Clears the history of generated tokens. ##### getGeneratedCount() Returns the number of unique tokens generated. ## Security Notes - All tokens generated by this script are completely fake - Uses Node.js `crypto.randomInt()` for cryptographically secure random generation - Do not use these tokens for actual authentication - The tokens follow realistic formats but contain no real credentials - Safe to commit to version control in test configurations - No actual API keys or secrets are embedded in the script ## Token Format Details ### GitHub Classic Tokens - Format: `ghp_` + 36 alphanumeric characters - Total length: 40 characters - Character set: a-z, A-Z, 0-9 ### GitHub Fine-grained Tokens - Format: `github_pat_` + variable length alphanumeric string - Default length: 93 characters total - Character set: a-z, A-Z, 0-9 ### GitLab Tokens - Format: `glpat-` + 20 alphanumeric characters - Total length: 26 characters - Character set: a-z, A-Z, 0-9 ### NPM Tokens - Format: `npm_` + 36 characters - Total length: 40 characters - Character set: a-z, A-Z, 0-9, _, - ### AWS Access Keys - Format: `AKIA` + 16 uppercase alphanumeric characters - Total length: 20 characters - Character set: A-Z, 0-9 ### AWS Secret Keys - Format: 40-character base64-like string - Character set: a-z, A-Z, 0-9, +, / ## Requirements - Node.js 12.0.0 or higher - No external dependencies (uses only built-in Node.js modules) ## Contributing Feel free to submit issues or pull requests to add support for additional token formats or improve existing functionality. ## License This script is provided as-is for testing and development purposes. Use responsibly and never for actual authentication.