OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.

Related tags

Third-party APIs Wrappersgitrecon
Overview

gitrecon

OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits.

๐Ÿ“š How does this work?

GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.

GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don't know or don't care that their email address may be exposed.

Finding a GitHub user's email address is often as simple as looking at their recent events via the GitHub API.

Idea and text from Nick Drewe.

Source: https://thedatapack.com/tools/find-github-user-email/

โ— Disclaimer

As @pielco11 warned, emails and other data can be spoofed in commits.

โœ”๏ธ Prerequisites

๐Ÿ› ๏ธ Installation

git clone https://github.com/GONZOsint/gitrecon.git
cd gitrecon/
python3 -m pip install -r requirements.txt

It is possible to use a Github access token by editing line 3 of the modules/github_recon.py file. This will prevent a possible API ban.

It is possible to use a Gitlab access token by editing line 3 of the modules/gitlab_recon.py file. This will prevent a possible API ban.

token = '<Access token here>'

๐Ÿ”Ž Usage

usage: gitrecon.py [-h] -s {github,gitlab} [-a] [-o] username

positional arguments:
  username

optional arguments:
  -h, --help          show this help message and exit
  -s {github,gitlab}  sites selection
  -a, --avatar        download avatar pic
  -o, --output        save output

Results are saved in results/<username>/ path.

โš”๏ธ Features

  • Gitlab and Github leaked emails on commits

  • Gitlab and Github SSH keys

Github SSH keys Gitlab SSH keys
ID โŒ
โŒ Tittle
โŒ Created at
โŒ Expires at
Key Key

  • Gitlab and Github profile info

Github profile info Gitlab profile info
Username Username
Name Name
User ID User ID
โŒ State
โŒ Status
Avatar url Avatar url
Email Email
Location Location
Bio Bio
Company Organization
Organizations โŒ
โŒ Job title
โŒ Work information
Blog Web
Gravatar ID โŒ
Twitter Twitter
โŒ Skype
โŒ Linkedin
Followers Followers
Following Following
Created at Created at
Updated at โŒ

๐Ÿ”’ Prevention

Configurations on Github:

Configurations on Gitlab:

  • Settings url: https://gitlab.com/-/profile

    • โœ”๏ธ Public email: do not show on profile

    • โœ”๏ธ Commit email: use a private email

Owner
GOฮ ZO
GOฮ ZO
GitHub Repository
๐Ÿ“ท An Instagram bot written in Python using Selenium on Google Chrome

๐Ÿ“ท An Instagram bot written in Python using Selenium on Google Chrome. It will go through posts in hashtag(s) and like and comment on them.

anniedotexe 47 Dec 19, 2022
light wrapper for indeed.com api

Simple wrapper for indeed api. go to indeed.com - register for api publisher token example from indeed import IndeedApi token = 'your token' api =

16 Sep 21, 2022
A python wrapper for the mangadex API V5. Work in progress

mangadex A python wrapper for the mangadex API V5. It uses the requests library and all the aditional arguments can be viewed in the Official Mangadex

Eduardo Ceja 27 Dec 14, 2022
AWSXenos will list all the trust relationships in all the IAM roles and S3 buckets

AWS External Account Scanner Xenos, is Greek for stranger. AWSXenos will list all the trust relationships in all the IAM roles, and S3 buckets, in an

AirWalk 57 Nov 07, 2022
An example Music Bot written in Disnake and uses slash commands to operate.

Music Bot An example music bot that is written in Disnake [Maintained discord.py Fork] Disnake Disnake is a maintained and updated fork of discord.py.

6 Jan 08, 2022
A modern Python client for controlling Wyze devices.

Python Wyze SDK A modern Python client for controlling Wyze devices. Whether you're building a custom app, or integrating into a third-party service l

Shaun Tarves 205 Jan 02, 2023
Custom bot I've made to host events on my personal Discord server.

discord_events Custom bot I've made to host events on my personal Discord server. You can try the bot out in my personal server here: https://discord.

AlexFlipnote 5 Mar 16, 2022
Discord bot do sprawdzania ceny pizzy.

Discord bot do sprawdzania ceny pizzy w pizzeri Bombola. Umieszczony jest na platformie Heroku, dziฤ™ki czemu dziaล‚a 24/7. Commands List Info: Jako com

1 Sep 18, 2021
Portal Backend for Yuta management

Portal Backend for Yuta management Prerequisites Python 3.10 or above. pip, pdm installed. Quickstart Install the required packages: pdm install Runn

Loc Mai 1 Dec 20, 2021
fair-test is a library to build and deploy FAIR metrics tests APIs supporting the specifications used by the FAIRMetrics working group.

โ˜‘๏ธ FAIR test fair-test is a library to build and deploy FAIR metrics tests APIs supporting the specifications used by the FAIRMetrics working group. I

Maastricht University IDS 6 Oct 30, 2022
Sniper for Anigame and Izzi discord bots!

Anigame Sniper Gen-3 Features Inbuilt Spammer Responds to your messages in discord (on/off) Snipes only where you want it to Set latency so that the b

22 Nov 13, 2022
Decryption utility for PGP Whole Disk Encryption

wdepy: Decryption and Inspection for PGP WDE Disks This is a small python tool to inspect and decrypt disk images encrypted with PGP Whole Disk Encryp

Brendan Dolan-Gavitt 17 Oct 07, 2022
The AWS Lambda Serverless Blind XSS App

Ass The AWS Lambda Serverless Blind XSS App ๅˆฉ็”จVPS้…็ฝฎXSSๅนณๅฐๅคช้บป็ƒฆไบ†๏ผŒๅฆ‚ๆžœๅˆฉ็”จAWS็š„Lambda้‚ฃไธๅฐฑๆ˜ฏไธ€ไธชๅŸŸๅ็š„ไบ‹ๆƒ…ไนˆ๏ผŸๅ‰ฉไธ‹็š„็Žฏๅขƒ้…็ฝฎใ€HTTPS่ฏไนฆใ€้š็งๆ€งใ€VPS็ปญ่ดน้ƒฝไธ็”จ็ฎกไบ†๏ผŒ ๆ‰€ไปฅๆ นๆฎxless้‡ๅ†™ไบ†Lambdaๅนณๅฐ็š„XSS๏ผŒๅˆฉ็”จsla

cocokey 2 Dec 27, 2021
๐€ ๐ฆ๐จ๐๐ฎ๐ฅ๐š๐ซ ๐“๐ž๐ฅ๐ž๐ ๐ซ๐š๐ฆ ๐†๐ซ๐จ๐ฎ๐ฉ ๐ฆ๐š๐ง๐š๐ ๐ž๐ฆ๐ž๐ง๐ญ ๐›๐จ๐ญ ๐ฐ๐ข๐ญ๐ก ๐ฎ๐ฅ๐ญ๐ข๐ฆ๐š๐ญ๐ž ๐Ÿ๐ž๐š๐ญ๐ฎ๐ซ๐ž๐ฌ !!

๐‡๐จ๐ฐ ๐“๐จ ๐ƒ๐ž๐ฉ๐ฅ๐จ๐ฒ For easiest way to deploy this Bot click on the below button ๐Œ๐š๐๐ž ๐๐ฒ ๐’๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ ๐†๐ซ๐จ๐ฎ๐ฉ ๐’๐จ๐ฎ๐ซ๐œ๐ž๐ฌ ๐†๐ž๐ง๐ž?

Mukesh Solanki 1 Dec 10, 2021
GG Dorking is a tool to generate GitHub and Google dorking for pentesters and bug bounty hunters.

GG-Dorking GG Dorking is a python tool to generate GitHub and Google dorking links for pentesters and bug bounty hunters. It will help you to find imp

Eslam Akl 80 Nov 24, 2022
A code that can make your 5 accounts stay 24/7 in a discord voice channel!

Voicecord A code that can make your 5 accounts stay 24/7 in a discord voice channel! Usage ใƒปFork the repo ใƒปClone it to replit ใƒปInstall the required pa

DraKenCodeZ 3 Jan 09, 2022
Telegram Reporter

[Telegram Reporter v.3 ] ๐Ÿ‡ฎ๐Ÿ‡ท AliCybeRR ๐Ÿ‡ฎ๐Ÿ‡ท [ AliCybeRR.Reporter feature ] Login Your Telegram account ๐Ÿ‘ฝ support Termux โ• No Limits โšก Secure ๐Ÿ” Free

AliCybeRR 1 Jun 08, 2022
This tool is created by Shahzain and is one of the best self bots out there!

Shahzain SelfBot This tool is created by Shahzain and is one of the best self bots out there! Features Token Destroyer! Server Nuker(50-100 Bans Per S

Shahzain 6 Apr 02, 2022
Python Dialogflow CX Scripting API (SCRAPI)

Python Dialogflow CX Scripting API (SCRAPI) A high level scripting API for bot builders, developers, and maintainers. Table of Contents Introduction W

Google Cloud Platform 39 Dec 09, 2022
Modern Desktop Jellyfin Client written in Python and Vue for the UI [WIP]

JellyPlayer Modern Jellyfin Client Installation Install Requirements: Install Python 3 Install dependencies Install node deps for frontend, go to Jell

Prayag Prajapati 57 Dec 12, 2022