OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.

Related tags

Third-party APIs Wrappersgitrecon
Overview

gitrecon

OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits.

๐Ÿ“š How does this work?

GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.

GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don't know or don't care that their email address may be exposed.

Finding a GitHub user's email address is often as simple as looking at their recent events via the GitHub API.

Idea and text from Nick Drewe.

Source: https://thedatapack.com/tools/find-github-user-email/

โ— Disclaimer

As @pielco11 warned, emails and other data can be spoofed in commits.

โœ”๏ธ Prerequisites

๐Ÿ› ๏ธ Installation

git clone https://github.com/GONZOsint/gitrecon.git
cd gitrecon/
python3 -m pip install -r requirements.txt

It is possible to use a Github access token by editing line 3 of the modules/github_recon.py file. This will prevent a possible API ban.

It is possible to use a Gitlab access token by editing line 3 of the modules/gitlab_recon.py file. This will prevent a possible API ban.

token = '<Access token here>'

๐Ÿ”Ž Usage

usage: gitrecon.py [-h] -s {github,gitlab} [-a] [-o] username

positional arguments:
  username

optional arguments:
  -h, --help          show this help message and exit
  -s {github,gitlab}  sites selection
  -a, --avatar        download avatar pic
  -o, --output        save output

Results are saved in results/<username>/ path.

โš”๏ธ Features

  • Gitlab and Github leaked emails on commits

  • Gitlab and Github SSH keys

Github SSH keys Gitlab SSH keys
ID โŒ
โŒ Tittle
โŒ Created at
โŒ Expires at
Key Key

  • Gitlab and Github profile info

Github profile info Gitlab profile info
Username Username
Name Name
User ID User ID
โŒ State
โŒ Status
Avatar url Avatar url
Email Email
Location Location
Bio Bio
Company Organization
Organizations โŒ
โŒ Job title
โŒ Work information
Blog Web
Gravatar ID โŒ
Twitter Twitter
โŒ Skype
โŒ Linkedin
Followers Followers
Following Following
Created at Created at
Updated at โŒ

๐Ÿ”’ Prevention

Configurations on Github:

Configurations on Gitlab:

  • Settings url: https://gitlab.com/-/profile

    • โœ”๏ธ Public email: do not show on profile

    • โœ”๏ธ Commit email: use a private email

Owner
GOฮ ZO
GOฮ ZO
GitHub Repository
BLYRIC is a Twitter bot that tweets a song lyric every night.

BLYRIC BLYRIC, a bot that tweets a song lyric every night. Follow on Twitter: @blyric_ Overview BLYRIC is a Twitter bot that tweets a song quote every

Bruno Kenzo Hyodo 6 Oct 05, 2022
An Advanced Python Playing Card Module that makes creating playing card games simple and easy!

playingcards.py An Advanced Python Playing Card Module that makes creating playing card games simple and easy! Features Easy to Understand Class Objec

Blake Potvin 5 Aug 30, 2022
โ๐“๐ก๐ž ๐Œ๐จ๐ฌ๐ญ ๐๐จ๐ฐ๐ž๐ซ๐Ÿ๐ฎ๐ฅ๐ฅ ๐†๐ซ๐จ๐ฎ๐ฉ ๐Œ๐š๐ง๐š๐ ๐ž๐ฆ๐ž๐ง๐ญ ๐๐จ๐ญโž

โ๐“๐ก๐ž ๐Œ๐จ๐ฌ๐ญ ๐๐จ๐ฐ๐ž๐ซ๐Ÿ๐ฎ๐ฅ๐ฅ ๐†๐ซ๐จ๐ฎ๐ฉ ๐Œ๐š๐ง๐š๐ ๐ž๐ฆ๐ž๐ง๐ญ ๐๐จ๐ญโž

Abdisamad Omar Mohamed 5 Jun 24, 2022
Cord Python API Client

Cord Python API Client The data programming platform for AI ๐Ÿ’ป Features Minimal low-level Python client that allows you to interact with Cord's API Su

Cord 52 Nov 25, 2022
A Telegram Bot which will ask new Group Members to verify them by solving an emoji captcha.

Emoji-Captcha-Bot A Telegram Bot which will ask new Group Members to verify them by solving an emoji captcha. About API: Using api.abirhasan.wtf/captc

Abir Hasan 52 Dec 11, 2022
AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications

AWS Serverless Application Model (AWS SAM) The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications

Amazon Web Services 8.9k Dec 31, 2022
A Telelgram Bot to Extract Text from an Image

Text-Scanner-OCR A Telelgram Bot to Extract Text from an Image Configs Vars API_KEY: Your API_KEY from OCR Space GROUP: Your Group Username without '@

ALBY 8 Feb 20, 2022
Python Twitter API

Python Twitter Tools The Minimalist Twitter API for Python is a Python API for Twitter, everyone's favorite Web 2.0 Facebook-style status updater for

Mike Verdone 2.9k Jan 03, 2023
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

2 Nov 05, 2021
YouTube playlist Files downloaded by FDM are not organized according to the original order on YouTube

Youtube-Playlist-File-Organizer YouTube playlist Files downloaded by Free Download Manager are not organized according to the original order on YouTub

David Mainoo 3 Dec 27, 2021
Change between dark/light mode depending on the ambient light intensity

svart Change between dark/light mode depending on the ambient light intensity Installation Install using pip $ python3 -m pip install --user svart Ins

Siddharth Dushantha 169 Nov 26, 2022
Singer Tap for dbt Artifacts built with the Meltano SDK

tap-dbt-artifacts tap-dbt-artifacts is a Singer tap for dbtArtifacts. Built with the Meltano SDK for Singer Taps.

Prratek Ramchandani 9 Nov 25, 2022
Programa capaz de gerar QR Code a partir do link inserido.

QrCodePy Programa capaz de gerar QR Code, a partir do link inserido, em forma de imagem e salvar localmente. Exemplo de saรญda: Requisitos Pure Python

Jonas Carvalho 4 Sep 09, 2021
โšกTIKTOK BOT - FAST OPTIMIZED ZEFOY SCRIPT

โšก ZEFOY [ TikTok Zefoy Bot ] Get the script in: discord.gg/onlp !! Official shop: onlp.sellix.io Newest version v.9.0.0 Requirements pip install p

Tekky 186 Dec 31, 2022
A Telegram bot that add a dynamic caption to musics

Music Channel Manager A Telegram bot that add a dynamic caption to musics Deploy to Heroku What is it ? It manage your music channel. With just adding

13 Oct 18, 2022
Wrapper for shh/rsync for use with OpenFOAM and blue bear

bbsync wrapper for shh/rsync for use with OpenFOAM and blue bear About The Project bbsync is a wrapper for shh/rsync for use with OpenFOAM and blue be

1 Dec 10, 2021
Migrate BiliBili watched anime to Bangumi

่ฏดๆ˜Ž ไน‹ๅ‰ไธบไบ†ๅฐ†B็ซ™็œ‹่ฟ‡็š„ๅŠจ็”ป่ฟ็งปๅˆฐbangumiๅ†™็š„, ๆœฌๆฅๅชๆ˜ฏ่‡ชๅทฑ็”จ, ไฝ†ๅ…ฌๅผ€ๅฏ่ƒฝๅฏนๅ…ถไป–ไบบไผšๆœ‰ๅธฎๅŠฉ. ไป“ๅบ“ๆœ€่ฟ‘ๆ— ๆณ•็ปดๆŠค, ็จ‹ๅบๆœ‰ๅพˆๅคš็ผบ็‚น, ๆฌข่ฟŽ PR ๅ’Œ Contributors ไฝฟ็”จ่ฏดๆ˜Ž Python็‰ˆๆœฌ่ฆๆฑ‚๏ผšPython 3.8+ ไฝฟ็”จๅ‰ๅฎ‰่ฃ…ไพ่ต–ๅŒ…๏ผš pip install -r requ

51 Sep 08, 2022
A python script to acquire multiple aws ec2 instances in a forensically sound-ish way

acquire_ec2.py The script acquire_ec2.py is used to automatically acquire AWS EC2 instances. The script needs to be run on an EC2 instance in the same

Deutsche Telekom Security GmbH 31 Sep 10, 2022
The Github repository for the Amari API wrapper.

Amari.py Amari.py is an async, easy to use API wrapper for the AmariBot. Installation Enter any of these commands to install the library: pip install

TheF1ng3r 5 Dec 19, 2022
Powerful and Async API for AnimeWorld.tv ๐Ÿš€

Powerful and Async API for AnimeWorld.tv ๐Ÿš€

1 Nov 13, 2021