Description
GitFive is an OSINT tool to investigate GitHub profiles.
Main features :
- Usernames / names history
- Usernames / names variations
- Email address to GitHub account
- Find GitHub’s accounts from a list of email addresses
- Lists identities used by the target
- Clones and analyze every target’s repos
- Highlights emails tied to GitHub’s target account
- Finds local identities (UPNs, ex : [email protected])
- Finds potential secondary GitHub accounts
- Don’t need repos to work (but better)
- Generates every possible email address combinations and looks for matchs
- Dumps SSH public keys
- JSON export
Optimizations :
- Very low API consumption, stays under the rate-limit
- Multi-processing tasks (bypassing Python’s GIL)
- Async scraping
Workflow
Click here for a full view
Requirements
- Git
- Python >= 3.10
Installation
$ pip3 install pipx
$ pipx ensurepath
$ pipx install gitfive
It will automatically use venvs to avoid dependency conflicts with other projects.
Usage
First, login to GitHub (preferably with a secondary account) :
$ gitfive login
Then, profit :
usage: gitfive [-h] {login,user,email,emails,light} ...
positional arguments:
{login,user,email,emails,light}
login Let GitFive authenticate to GitHub.
user Track down a GitHub user by its username.
email Track down a GitHub user by its email address.
emails Find GitHub usernames of a given list of email addresses.
light Quickly find emails addresses from a GitHub username.
options:
-h, --help show this help message and exit
PS : plz avoid testing on torvalds or other authors of repos with 1 million commits
📄 You can also use –json with user and email modules to export in JSON ! Example :
$ gitfive user mxrch --json mxrch_data.json
Have fun 🥰💞
Video demo
2022-10-06.00-22-32.mp4
Obvious disclaimer
This tool is for educational purposes only, I am not responsible for its use.
Less obvious disclaimer
The use of this tool in an automated paid service / software is strictly forbidden without my personal agreement.
Please use it only in personal, criminal investigations, or open-source projects.
Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.
Posted by: @ESPYER