Search by email in GitHub

It’s hard not to have a GitHub repository if you’re doing any kind of development.

Of course, with the code, a person leaves an email in the repository – most often personal, sometimes work, sometimes both together.

What to do when we only have an email address on hand?

Code search on GitHub itself has several limitations and non-obvious behaviors. But it still gives a good chance of stumbling upon a match, since the author’s contact often appears in the code.

Searching commits by email is, unfortunately, not possible. But there is a search over public profile mailboxes using a modifier of the form test in:email. It is useless for the most part, because a mailbox shown in a profile is very likely to be indexed by Google anyway.

Fuzzy search is frustrating. For example, in the screenshot above, GitHub for some reason searched not for the string [email protected], but for three substrings: test, example and com.

The grep.app site will definitely solve the problem with fuzzy search. It searches 500K popular repositories, supports regular expressions, and of course, exact matches.

As can be seen from the screenshot, the results are poor, and it also can’t search by commits. But for complex searches the site is perfect, so when you only know part of the email, it will be very useful.

Example below: a search in a corporate mailbox with the following format: [email protected], where the name “Vlad” and the end of the surname “ov” are known.

The biggest disadvantage is, of course, the small amount of data. We are not sure that the site will ever be able to search all repositories in real time (because GitHub simply does not provide an API).

Google BigQuery

I still consider the dataset of free GitHub repositories posted in Google BigQuery to be the most promising tool. 2.8 million repositories, more than 2 billion files, 145 million commits, the total size is about 3 terabytes.

And for all this, an SQL-query interface is available, which allows you to make queries by email, name, pieces of code.

The dataset is a bit depersonalized. This means that in the commit metadata we will find not the mailbox [email protected], but [email protected]. This will not stop us, since we must already know the mailbox name. It is therefore enough to compute the SHA1 of the mailbox name (the part of the email before the @), and the search expression is ready.

And yes, the commit link is always stored nearby, so the email can be checked manually if the repository is still available on GitHub.

Search algorithm

  1. Suppose we are sure that the person’s nickname is also used as the mailbox name. We take it as the search criterion (example: soxoj).

  2. Compute its SHA1, online or via the console: echo -n "soxoj" | sha1sum

  3. Open the query interface. You will be asked to create a project; if you don’t have one yet, create it.

  4. Enter the following query:

select
    repo_name, commit,
    author.name, author.email,
    committer.name,  committer.email
from
    `bigquery-public-data.github_repos.commits`
where
  -- the email starts with the SHA1 of the mailbox name
  author.email like '4b9e910872a66d9b7d7e137ad70e3abfaad7eda7%'
  or 
  committer.email like '4b9e910872a66d9b7d7e137ad70e3abfaad7eda7%'

What are we doing with this request?

We request the name of the repository, the hash of the commit, and the name and email of the author and committer. We search in the table of commits. We filter by email, specifying how it begins: the hashed mailbox name.

  5. Click “Run”, wait, and get a table of repositories, commits and “impersonal” email addresses.

The email is obvious (now we can see the domain), and the rest can be viewed directly in the repository. The link is formed as repo_name+commit:

https://github.com/rs/domcheck/commit/b0d1a1427e22805cea2cedc49039facbb5e516e4
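
The steps above as shell helpers, added here as an example and not taken from the original article: they derive the hashed form of an address you are auditing (for instance your own), build the query, and form the commit link. The function names are hypothetical; the sha1sum call, the table name and the link pattern are the ones given in the text.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any tool.

# SHA1 hex digest of a string, hashed without a trailing newline (like echo -n).
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 1 | cut -d' ' -f1
    fi
}

# user@domain -> <sha1 of mailbox name>@domain, the form stored in the dataset.
depersonalize_email() {
    case $1 in
        ?*@?*) ;;
        *) echo "not an email address: $1" >&2; return 1 ;;
    esac
    printf '%s@%s\n' "$(sha1_hex "${1%@*}")" "${1##*@}"
}

# LIKE pattern for a known mailbox name when the domain is unknown.
like_prefix() {
    [ -n "$1" ] || return 1
    printf '%s%%\n' "$(sha1_hex "$1")"
}

# The query from step 4 for any mailbox name.
build_query() {
    bq_prefix=$(like_prefix "$1") || return 1
    cat <<EOF
select repo_name, commit, author.email, committer.email
from \`bigquery-public-data.github_repos.commits\`
where author.email like '${bq_prefix}'
   or committer.email like '${bq_prefix}'
EOF
}

# Commit link from a result row; rejects anything that is not owner/repo + 40-hex hash.
commit_url() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$' || return 1
    printf '%s' "$2" | grep -Eq '^[0-9a-f]{40}$' || return 1
    printf 'https://github.com/%s/commit/%s\n' "$1" "$2"
}

# Demo with the values used in the article.
like_prefix soxoj
commit_url rs/domcheck b0d1a1427e22805cea2cedc49039facbb5e516e4
```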

Keep quotas in mind; this is why we were asked to create a project. It means that mass requests to the API would require allocating some amount of money with Google. For example, I quickly ran out of the 1 TB money quota due to regional restrictions – it is calculated for each project.

Thus, you can search for more complex cases – depending on your case.

Of course, there are no universal tools that will solve all your search problems. It always makes sense to take a fresh look at familiar things and try to use them outside the box.

Ref.: https://telegra.ph/Ishchem-po-email-v-GitHub-11-01


  Posted by: @ESPYER.
