Git colombo is an OSINT tool to extract info about persons from git repositories: common names, emails, matches between different (as it may seems) accounts.

Using

  • Install git
  • Run:

from any git url
./gitcolombo.py -u https://github.com/Kalanchyovskaia16/newlps
from directory, recursively
./gitcolombo.py -d ./newlps -r
from all GitHub personal/org repos by nickname
./gitcolombo.py –nickname LubyRuffy

For batch cloning from Gitlab and Bitbucket group repos you can use ghorg.

Output:

  • verbose persons info
    • name
    • email
    • number of appearences as author/committer
    • other persons that person can be
  • emails used for the same name
  • different names for the same person
  • general statistics

What’s the difference between git author and committer?

TL;DR

  • author wrote the code (make the patch)
  • commiter commit it to the repo (rewrite history, make pull/merge requests…)

Nice explanation: https://stackoverflow.com/questions/18750808/difference-between-author-and-committer-in-git

Very often developers make inaccurate commits with the one name/email (e.g. work account), then change to the right (e.g. personal account) and make git commit --amend, but forget to change the author of the commit. This way we can use it for OSINT as match of names/emails from git history.

Download

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here