OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.

Overview

gitrecon

OSINT tool to get information from a Github or Gitlab profile and find user's email addresses leaked on commits.

📚 How does this work?

GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.

GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don't know or don't care that their email address may be exposed.

Finding a GitHub user's email address is often as simple as looking at their recent events via the GitHub API.

Idea and text from Nick Drewe.

Source: https://thedatapack.com/tools/find-github-user-email/

Disclaimer

As @pielco11 warned, emails and other data can be spoofed in commits.


✔️ Prerequisites


🛠️ Installation

git clone https://github.com/GONZOsint/gitrecon.git
cd gitrecon/
python3 -m pip install -r requirements.txt

It is possible to use a Github access token by editing line 3 of the modules/github_recon.py file. This will prevent a possible API ban.

It is possible to use a Gitlab access token by editing line 3 of the modules/gitlab_recon.py file. This will prevent a possible API ban.

token = '<Access token here>'

🔎 Usage

usage: gitrecon.py [-h] -s {github,gitlab} [-a] [-o] username

positional arguments:
  username

optional arguments:
  -h, --help          show this help message and exit
  -s {github,gitlab}  sites selection
  -a, --avatar        download avatar pic
  -o, --output        save output

Results are saved in results/<username>/ path.


⚔️ Features

  • Gitlab and Github leaked emails on commits

  • Gitlab and Github SSH keys

Github SSH keys Gitlab SSH keys
ID
Tittle
Created at
Expires at
Key Key
  • Gitlab and Github profile info

Github profile info Gitlab profile info
Username Username
Name Name
User ID User ID
State
Status
Avatar url Avatar url
Email Email
Location Location
Bio Bio
Company Organization
Organizations
Job title
Work information
Blog Web
Gravatar ID
Twitter Twitter
Skype
Linkedin
Followers Followers
Following Following
Created at Created at
Updated at

🔒 Prevention

Configurations on Github:

Configurations on Gitlab:

Owner
GOΠZO
GOΠZO
AWS CloudSaga - Simulate security events in AWS

AWS CloudSaga - Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (

Amazon Web Services - Labs 325 Dec 01, 2022
A discord bot wrapper for python have slash command

A discord bot wrapper for python have slash command

4 Dec 04, 2021
A simple Spamming software made in python

Spam-qlk Warning!!! 'I' am not responsible for the 'damage or harm' caused by this 'Software'!!! Use at your own risk!!! Input the message. After you

Aditya kumar 1 Nov 30, 2021
Mikasa is a 100% Spanish bot, a multifunctional bot, Mikasa is in beta.

Mikasa Miaksa, It is a multi-functional discord bot that is currently in development, this is not complete, there are still many things to fix and imp

Made in 2 Oct 05, 2021
A client library for the REST API of DocuWare's DMS

docuware-client This is a client library for the REST API of DocuWare DMS. Since DocuWare's documentation regarding the REST API is very sparse (at th

Stefan Schönberger 1 Feb 23, 2022
A Discord bot to play bluffing games like Dobbins or Bobbins

Usage: pip install -r requirements.txt python3 bot.py DISCORD_BOT_TOKEN Gameplay: All commands are case-insensitive, with trailing punctuation and spa

4 May 27, 2022
Wanna play on the Overwatch NA servers?

OverwatchRegionSwapper-NA- Wanna play on the Overwatch NA servers? Use at you own risk. LIST OF IPs EU Netherlands: From: 5.42.168.0 to: 5.42.175.255

1 Jun 08, 2022
Python client for the Socrata Open Data API

sodapy sodapy is a python client for the Socrata Open Data API. Installation You can install with pip install sodapy. If you want to install from sour

Cristina 368 Dec 09, 2022
Linkvertise-bypass - Tools pour bypass les liens Linkvertise

Installation | Important | Discord 🌟 Comme Linkvertise bypass est gratuit, les

GalackQSM 3 Aug 31, 2022
Script to post multiple status(posts) on twitter

Script to post multiple status on twitter (i.e. TWITTER STORM) This program can post upto maximum limit of twitter(around 300 tweets) within seconds.

Sandeep Kumar 4 Sep 09, 2021
Auxiliator is telegram bot for basic web-application analysis

Auxiliator Auxiliator is telegram bot for basic web-application analysis What for? Sometimes there is no access to your main PC, where you can scan we

Revoltage 13 Dec 26, 2021
A head unit UI designed to replace the RTx/SMEG/RNEG/NG4/RCC/NAC

HeadUnit UI (Come discuss about it on our Discord!) Intro This is the UI part of a headunit project from OpenLeo, based on python and kivy, it looks l

OpenLeo 6 Nov 23, 2022
Discord-RAID-Tool - Hacks/tools

How to use Python must be installed run install-config If you dont have python installed, download python 3.7.6 and make sure you click on the 'ADD TO

1 Jan 01, 2022
A bot that connects your guild chat to a Discord channel, written in Python.

Guild Chat Bot A bot that connects your guild chat to a discord channel. Uses discord.py and pyCraft Deploy on Railway Railway is a cloud development

Evernote 10 Sep 25, 2022
Paid Udemy Courses with Coupons

Freedemy Paid Udemy Courses with Coupons Steps to run pip3 install -r requirements.txt python3 free-courses.py Then you can click the Enroll Link and

GOKUL A.P 23 Dec 14, 2022
A Simple Telegram Inline Torrent Search Bot by @infotechIT

Torrent-Search-RoBot A Simple Telegram Inline Torrent Search Bot by @infotechIT. Torrent API Using api.infotech.wtf API Host Bot Deploy to Heroku Clic

InfoTech 0 May 05, 2022
twtxt is a decentralised, minimalist microblogging service for hackers.

twtxt twtxt is a decentralised, minimalist microblogging service for hackers. So you want to get some thoughts out on the internet in a convenient and

buckket 1.8k Jan 09, 2023
A full-fledged discord bot with moderation and a lot more.

HOT-BOT-POL-POT ⭐ Star me on GitHub m'lady.... hot-bot-pol-pot is a moderation discord bot written using enhanced-dpy library with many functionalitie

Pure Cheekbones 4 Oct 08, 2022
Twitter-Scrapping - Tweeter tweets extracting using python

Twitter-Scrapping Twitter tweets extracting using python This project is to extr

Suryadeepsinh Gohil 2 Feb 04, 2022
Discord bot for name verifying. Created for TinkerHubGCEK discord server. Tinky is now deployed in heroku

Custom Discord bot This custom discord-python bot assigns roles to members joined at discord server. It looks and compares a list before verifying the

Edwin Jose George 2 Dec 16, 2021