[OSINT] Dump ALL gists from a list of GitHub users

gist-massdump.py

#!/usr/bin/env python3

#author: @nil0x42
# Usage:
#   $ export GITHUB_TOKEN="<YOUR GITHUB TOKEN>"
#   $ cat github-users.txt | ./gist-massdump.py
#   $ grep -r 'someSecret' gist-massdump.out/
import sys, os, requests, json, pathlib

if sys.stdin.isatty():
    sys.exit("[-] Usage: cat github-users.txt | gist-massdump.py")

GH_TOKEN = os.environ.get("GITHUB_TOKEN")
graphql = """
{
  user(login: "%s") {
    gists(orderBy: {field: UPDATED_AT, direction: DESC}, first: 100) {
      nodes {
        url
        updatedAt
        files(limit: 100) {
          name
          text(truncate: 32768)
        }
      }
    }
  }
}
"""
num_users = 0
total_gists = 0
for user in sys.stdin:
    user = user.strip()
    if not user:
        continue
    try:
        r = requests.post("https://api.github.com/graphql",
                json={"query": graphql % user},
                headers={"Authorization": "token " + GH_TOKEN}).json()
        if "errors" in r.keys():
            raise Exception(r["errors"][0]["message"])
        num_gists = len(r["data"]["user"]["gists"]["nodes"])
        for g in r["data"]["user"]["gists"]["nodes"]:
            path = pathlib.Path(
                    "gist-massdump.out",
                    user,
                    g["updatedAt"][:10] + "_" + g["url"].rsplit("/", 1)[-1])
            path.mkdir(parents=True, exist_ok=True)
            for f in g["files"]:
                name = "".join([ c if c.isalnum() else "_" for c in f["name"]])
                path.joinpath(name).write_text(f["text"])
    except BaseException as e:
        print("[-] gist-massdump: %r: %r" % (user, e), file=sys.stderr)
    print(f"[+] correctly extracted {num_gists} gists from {user!r}")
    num_users += 1
    total_gists += num_gists


print(f"\n[+] TOTAL: {total_gists} gists dumped from {num_users} users into ./gist-massdump.out/")