Investigate GitHub

Description

GitFive is an OSINT tool to investigate GitHub profiles.

Main features :

  • Usernames / names history
  • Usernames / names variations
  • Email address to GitHub account
  • Find GitHub’s accounts from a list of email addresses
  • Lists identities used by the target
  • Clones and analyze every target’s repos
  • Highlights emails tied to GitHub’s target account
  • Finds local identities (UPNs, ex : [email protected])
  • Finds potential secondary GitHub accounts
  • Don’t need repos to work (but better)
  • Generates every possible email address combinations and looks for matchs
  • Dumps SSH public keys
  • JSON export

Optimizations :

  • Very low API consumption, stays under the rate-limit
  • Multi-processing tasks (bypassing Python’s GIL)
  • Async scraping

Workflow

Click here for a full view

 

Requirements

  • Git
  • Python >= 3.10

Installation

$ pip3 install pipx
$ pipx ensurepath
$ pipx install gitfive

It will automatically use venvs to avoid dependency conflicts with other projects.

Usage

First, login to GitHub (preferably with a secondary account) :

$ gitfive login

Then, profit :

usage: gitfive [-h] {login,user,email,emails,light} ...

positional arguments:
  {login,user,email,emails,light}
    login               Let GitFive authenticate to GitHub.
    user                Track down a GitHub user by its username.
    email               Track down a GitHub user by its email address.
    emails              Find GitHub usernames of a given list of email addresses.
    light               Quickly find emails addresses from a GitHub username.

options:
  -h, --help            show this help message and exit

PS : plz avoid testing on torvalds or other authors of repos with 1 million commits

📄 You can also use –json with user and email modules to export in JSON ! Example :

$ gitfive user mxrch --json mxrch_data.json

Have fun 🥰💞

Video demo

 2022-10-06.00-22-32.mp4 

Obvious disclaimer

This tool is for educational purposes only, I am not responsible for its use.

Less obvious disclaimer

The use of this tool in an automated paid service / software is strictly forbidden without my personal agreement.
Please use it only in personal, criminal investigations, or open-source projects.

Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.

  Posted by: @ESPYER

Facebook
Twitter
LinkedIn

Unveiling the Power of OSINT: A Guide by Expert Lina

This article provides a comprehensive guide to OSINT (Open Source Intelligence), led by Lina, an expert at ESPYSYS. The guide includes a detailed walkthrough of the IRBIS OSINT tool, real-life case studies, tips for maintaining anonymity, and a special offer for viewers.

Read More »

SpiderFoot: The Ultimate OSINT Tool

SpiderFoot is a powerful open-source intelligence (OSINT) automation tool designed for cybersecurity professionals. It streamlines the process of gathering intelligence from various online sources, making it essential for investigating suspicious activities and managing internet-facing assets.

Read More »

A Simple Solution to Combat Financial Fraud: Phone Lookup

Discover how phone lookup services, like IRBIS, can help businesses identify fake numbers and prevent fraud. With easy API integration, businesses can enhance their security measures and protect their operations. Learn more about the power of phone lookup services in our comprehensive guide.

Read More »