Gitrecon is a OSINT tool to get information from a Github or Gitlab profile and find user’s email addresses leaked on commits.
How does this work?
GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.
GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don’t know or don’t care that their email address may be exposed.
Finding a GitHub user’s email address is often as simple as looking at their recent events via the GitHub API.
Installation
git clone https://github.com/GONZOsint/gitrecon.git
cd gitrecon/
python3 -m pip install -r requirements.txt
modules/github_recon.py
file. This will prevent a possible API ban.modules/gitlab_recon.py
file. This will prevent a possible API ban.token = ‘<Access token here>‘
Usage
Usage: gitrecon.py [-h] -s {github,gitlab} [-a] [-o] username
Positional Arguments:
username
Optional Arguments:
-h, –help show this help message and exit
-s {github,gitlab} sites selection
-a, –avatar download avatar pic
-o, –output save output
Results are saved in results// path.
Features
Gitlab and Github leaked emails on commits
Github SSH keys | Gitlab SSH keys |
---|---|
ID | ❌ |
❌ | Tittle |
❌ | Created at |
❌ | Expires at |
Key | Key |
Github profile info | Gitlab profile info |
---|---|
Username | Username |
Name | Name |
User ID | User ID |
❌ | State |
❌ | Status |
Avatar url | Avatar url |
Location | Location |
Bio | Bio |
Company | Organization |
Organizations | ❌ |
❌ | Job title |
❌ | Work information |
Blog | Web |
Gravatar ID | ❌ |
❌ | Skype |
❌ | |
Followers | Followers |
Following | Following |
Created at | Created at |
Updated at | ❌ |
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…