GitFive OSINT tool
2022-11-20 14:51:50 Author: reconshell.com(查看原文) 阅读量:31 收藏
gitfive

Track down GitHub users

GitFive is an OSINT tool to investigate GitHub profiles.

Main features :

  • Usernames / names history
  • Usernames / names variations
  • Email address to GitHub account
  • Find GitHub’s accounts from a list of email addresses
  • Lists identities used by the target
  • Clones and analyze every target’s repos
  • Highlights emails tied to GitHub’s target account
  • Finds local identities (UPNs, ex : [email protected])
  • Finds potential secondary GitHub accounts
  • Don’t need repos to work (but better)
  • Generates every possible email address combinations and looks for matchs
  • Dumps SSH public keys
  • JSON export

Optimizations :

  • Very low API consumption, stays under the rate-limit
  • Multi-processing tasks (bypassing Python’s GIL)
  • Async scraping

Workflow

wordflow

Requirements

  • Git
  • Python >= 3.10

Installation

$ pip3 install pipx
$ pipx ensurepath
$ pipx install gitfive

It will automatically use venvs to avoid dependency conflicts with other projects.

Usage

First, login to GitHub (preferably with a secondary account) :

$ gitfive login

Then, profit :

usage: gitfive [-h] {login,user,email,emails,light} ...

positional arguments:
  {login,user,email,emails,light}
    login               Let GitFive authenticate to GitHub.
    user                Track down a GitHub user by its username.
    email               Track down a GitHub user by its email address.
    emails              Find GitHub usernames of a given list of email addresses.
    light               Quickly find emails addresses from a GitHub username.

options:
  -h, --help            show this help message and exit

PS : plz avoid testing on torvalds or other authors of repos with 1 million commits

You can also use –json with user and email modules to export in JSON ! Example :

$ gitfive user mxrch --json mxrch_data.json

Have fun 

Video demo

Obvious disclaimer

This tool is for educational purposes only, I am not responsible for its use.

Less obvious disclaimer

The use of this tool in an automated paid service / software is strictly forbidden without my personal agreement.
Please use it only in personal, criminal investigations, or open-source projects.

The Gitfive is a github repository by mxrch


文章来源: https://reconshell.com/gitfive-osint-tool/
如有侵权请联系:admin#unsafe.sh