@nil0x42
Last active February 17, 2024 16:49
Awesome GitHub OSINT


nil0x42's tips & tricks

  • Scrape the Twitter accounts of all GitHub followers of a target user
  • Scrape the Twitter accounts of all stargazers of a target project on GitHub
  • Get the list of the first people to star a GitHub project. Helpful for investigation, as early stargazers are likely to be closely connected to the target user/organisation owning the project.

Projects

  • grab hierarchical data about a github organization, user, or repo
  • This tool uses the GitHub API to get email addresses from the commit log of user/organisation repositories. It can be operated with or without a GitHub API token.
  • Find email addresses of GitHub users
  • commit-stream drinks commit logs from the GitHub event firehose, exposing the author details (name and email address) associated with GitHub repositories in real time.
  • A script to create fake commits with emails of your choice. GitHub automatically resolves the emails to the GitHub accounts associated with them. This way, if you know an email, you can find the GitHub account of a user.
  • Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis.
  • Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
  • Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
  • gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
  • shhgit finds committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time.
  • yar is an OSINT tool for reconnaissance of repositories/users/organizations on Github. Yar clones repositories of users/organizations given to it and goes through the whole commit history in order of commit time, in search for secrets/tokens/passwords, essentially anything that shouldn't be there. Whenever yar finds a secret, it will print it out for you to further assess.
  • Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
  • Right now a breaking change in GitPython is causing an error in pip installations.
  • Scan git repos for secrets using regex and entropy
  • A tool to capture all the git secrets by leveraging multiple open source git searching tools
  • This tool is for sensitive information searching on Github
  • Retrieve a GitHub user's email even if it's not public.
  • Pulls info from Github user, NPM, activity commits, owned repo commit activity.
  • Find the email address of any GitHub user
  • githubFind3r is a very fast command line repo/user/commit search tool
  • Find subdomains on GitHub.
  • Monitors Github for leaked secrets
  • A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
  • Tool for advanced mining for content on Github

Articles

  • Talks about manual & automated leak search & GitHub dorking
@EliasHilana

wow
