Investigate GitHub

Description

GitFive is an OSINT tool to investigate GitHub profiles.

Main features :

  • Usernames / names history
  • Usernames / names variations
  • Email address to GitHub account
  • Find GitHub’s accounts from a list of email addresses
  • Lists identities used by the target
  • Clones and analyze every target’s repos
  • Highlights emails tied to GitHub’s target account
  • Finds local identities (UPNs, ex : [email protected])
  • Finds potential secondary GitHub accounts
  • Don’t need repos to work (but better)
  • Generates every possible email address combinations and looks for matchs
  • Dumps SSH public keys
  • JSON export

Optimizations :

  • Very low API consumption, stays under the rate-limit
  • Multi-processing tasks (bypassing Python’s GIL)
  • Async scraping

Workflow

Click here for a full view

 

Requirements

  • Git
  • Python >= 3.10

Installation

$ pip3 install pipx
$ pipx ensurepath
$ pipx install gitfive

It will automatically use venvs to avoid dependency conflicts with other projects.

Usage

First, login to GitHub (preferably with a secondary account) :

$ gitfive login

Then, profit :

usage: gitfive [-h] {login,user,email,emails,light} ...

positional arguments:
  {login,user,email,emails,light}
    login               Let GitFive authenticate to GitHub.
    user                Track down a GitHub user by its username.
    email               Track down a GitHub user by its email address.
    emails              Find GitHub usernames of a given list of email addresses.
    light               Quickly find emails addresses from a GitHub username.

options:
  -h, --help            show this help message and exit

PS : plz avoid testing on torvalds or other authors of repos with 1 million commits

📄 You can also use –json with user and email modules to export in JSON ! Example :

$ gitfive user mxrch --json mxrch_data.json

Have fun 🥰💞

Video demo

 2022-10-06.00-22-32.mp4 

Obvious disclaimer

This tool is for educational purposes only, I am not responsible for its use.

Less obvious disclaimer

The use of this tool in an automated paid service / software is strictly forbidden without my personal agreement.
Please use it only in personal, criminal investigations, or open-source projects.

Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.

  Posted by: @ESPYER

Share This Article
Latest Articles

Finding the right solution

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Skip to content