OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits.

GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.

GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don't know or don't care that their email address may be exposed.

Finding a GitHub user's email address is often as simple as looking at their recent events via the GitHub API.

Idea and text from Nick Drewe.

Source: https://thedatapack.com/tools/find-github-user-email/

• Python 3

git clone https://github.com/GONZOsint/gitrecon.gitcd gitrecon/python3 -m pip install -r requirements.txt

It is possible to use a Github access token by editing line 23 of the gitrecon.py file

token = '<Access token here>'

usage: gitrecon.py [-h] [-a] [-o] usernamepositional arguments:  usernameoptional arguments:  -h, --help    show this help message and exit  -a, --avatar  download avatar pic  -o, --output  save output as json

• 
  Profile info
  
  • Username
  • Name
  • User ID
  • Avatar url
  • Email
  • Location
  • Bio
  • Company
  • Blog
  • Gravatar ID
  • Twitter username
  • Followers
  • Following
  • Created at
  • Updated at
• 
  Extract Orgs
  
• 
  Search for leaked emails on commits
  

To avoid this type of leaks, certain configurations can be made on Github:

Settings url: https://github.com/settings/emails

• ✔️
  Keep my email addresses private

• ✔️
  Block command line pushes that expose my email