OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.

Overview

gitrecon

OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits.

📚 How does this work?

GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.

GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don't know or don't care that their email address may be exposed.

Finding a GitHub user's email address is often as simple as looking at their recent events via the GitHub API.

Idea and text from Nick Drewe.

Source: https://thedatapack.com/tools/find-github-user-email/

Disclaimer

As @pielco11 warned, emails and other data can be spoofed in commits.


✔️ Prerequisites


🛠️ Installation

git clone https://github.com/GONZOsint/gitrecon.git
cd gitrecon/
python3 -m pip install -r requirements.txt

It is possible to use a Github access token by editing line 3 of the modules/github_recon.py file. This will prevent a possible API ban.

It is possible to use a Gitlab access token by editing line 3 of the modules/gitlab_recon.py file. This will prevent a possible API ban.

token = '<Access token here>'

🔎 Usage

usage: gitrecon.py [-h] -s {github,gitlab} [-a] [-o] username

positional arguments:
  username

optional arguments:
  -h, --help          show this help message and exit
  -s {github,gitlab}  sites selection
  -a, --avatar        download avatar pic
  -o, --output        save output

Results are saved in results/<username>/ path.


⚔️ Features

  • Gitlab and Github leaked emails on commits

  • Gitlab and Github SSH keys

Github SSH keys Gitlab SSH keys
ID
Tittle
Created at
Expires at
Key Key
  • Gitlab and Github profile info

Github profile info Gitlab profile info
Username Username
Name Name
User ID User ID
State
Status
Avatar url Avatar url
Email Email
Location Location
Bio Bio
Company Organization
Organizations
Job title
Work information
Blog Web
Gravatar ID
Twitter Twitter
Skype
Linkedin
Followers Followers
Following Following
Created at Created at
Updated at

🔒 Prevention

Configurations on Github:

Configurations on Gitlab:

You might also like...
This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

Discord bot code to stop users that are scamming with fake messages of free discord nitro on servers in order to steal users accounts.
Discord bot code to stop users that are scamming with fake messages of free discord nitro on servers in order to steal users accounts.

AntiScam Discord bot code to stop users that are scamming with fake messages of free discord nitro on servers in order to steal users accounts. How to

A Bot Telegram Anti Users Channel to automatic ban users who using channel to send message in group.

Tg_Anti_UsersChannel A Bot Telegram Anti Users Channel to automatic ban users who using channel to send message in group. Features: Automatic ban Whit

Yandex OSINT tool
Yandex OSINT tool

YaSeeker Description YaSeeker - an OSINT tool to get info about any Yandex account using email or login. It can find: Fullname Photo Gender Yandex UID

A twitter multi-tool for OSINT on twitter accounts.

TwitterCheckr A twitter multi-tool for OSINT on twitter accounts. Infomation TwitterCheckr also known as TCheckr is multi-tool for OSINT on twitter a

Find rare users in discord servers

BadgeScraper Find rare users in discord servers How to use Replace the guild_id, server_id and token by the values you wanna use If you never used dis

Github-Checker - Simple Tool To Check If Github User Available Or Not
Github-Checker - Simple Tool To Check If Github User Available Or Not

Github Checker Simple Tool To Check If Github User Available Or Not Socials: Lan

A simple Facebook Account generator, written in python (needs different Email so Accounts do not get banned)

FacebookAccountGenerator FAB is a Facebook-Account generating script, written in python Installation Use the package manager pip to install selenium p

Signs the target email up to over 1000 different mailing lists to get spammed each day.

Email Bomber Say goodbye to that email Features Signs up to over 1k different mailing lists Written in python so the program is lightweight Easy to us

Comments
  • throw false information in GITLAB and GITHUB

    throw false information in GITLAB and GITHUB

    GITLAB: throw false information in GITLAB.

    [!] Username not found


    GITHUB: └─# python3 gitrecon.py -s github -a -o kennbroorg Traceback (most recent call last): File "/home/tedd/TOOLS/gitrecon/gitrecon.py", line 270, in user_info, keys = github_user_recon(args.username) File "/home/tedd/TOOLS/gitrecon/gitrecon.py", line 38, in github_user_recon github_recon.extract_orgs(username) File "/home/tedd/TOOLS/gitrecon/modules/github_recon.py", line 44, in extract_orgs orgs_list.append(org['login']) TypeError: string indices must be integers

    opened by ManuelBot59 1
Owner
GOΠZO
GOΠZO
A repo-watcher to watch for commits on a repo an trigger GitHub action by sending a `repository_dispatch` event to destinantion repo

repo-watcher-dispatch-sender This app is used to send a repository_dispatch event to the destination repo set in config.py or Environmental Variables

Divide Projects™ 2 Feb 6, 2022
The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian accounts leaked

TelegramDatabase About The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian account

Hamed Mohammadvand 10 Jan 14, 2022
A Python Instagram Scraper for Downloading Profile's Posts, stories, ProfilePic and See the Details of Particular Instagram Profile.

✔ ✔ InstAstra ⚡ ⚡ ⁜ Description ~ A Python Instagram Scraper for Downloading Profile's Posts, stories, ProfilePic and See the Details of Particular In

null 12 Jun 23, 2022
Webservice that notifies users on Slack when a change in GitLab concern them.

Gitlab Slack Notifier Webservice that notifies users on Slack when a change in GitLab concern them. Setup Slack Create a Slack app, go to "OAuth & Per

Heuritech 2 Nov 4, 2021
Get Notified about vaccine availability in your location on email & sms ✉️! Vaccinator Octocat tracks & sends personalised vaccine info everday. Go get your shot ! 💉

Vaccinater Get Notified about vaccine availability in your location on email & sms ✉️ ! Vaccinator Octocat tracks & sends personalised vaccine info ev

Mayukh Pankaj 6 Apr 28, 2022
Automatically commits and pushes changes from a specified directory to remote repository

autopush a simple python program that checks a directory for updates and automatically commits any updated files (and optionally pushes them) installa

carreb 1 Jan 16, 2022
radiant discord anti nuke src leaked lol.

radiant-anti-wizz-leaked radiant discord anti nuke src leaked lol, the whole anti sucks but idc. sucks to suck thats tuff bro LMAOOOOOO join my server

ok 15 Aug 6, 2022
Discord Bot Sending Members - Leaked by BambiKu ( Me )

Wokify Bot Discord Bot Sending Members - Leaked by BambiKu ( Me ) Info The Bot was orginaly made by someone else! Ghost-Dev just wanted to sell "priva

bambiku 6 Jul 5, 2022
A Fork of Gitlab's Permifrost tool for managing Snowflake Permissions

permifrost-fork This is a fork of the GitLab permifrost project. As the GitLab team is not currently maintaining the project, we've taken on maintenac

Hightouch 7 Oct 13, 2021
A discord bot can stress ip addresses with python tool

Python-ddos-bot Coded by Lamp#1442 A discord bot can stress ip addresses with python tool. Warning! DOS or DDOS is illegal, i shared for educational p

IrgyGANS 1 Nov 16, 2021