nil0x42's tips & tricks
- Scrape twitter account of all github followers of target user on GitHub
- Scrape twitter account of all stargazers of target project on GitHub
- Get list of first people who have added a star on a github project. Helpful for investigation, as early stargazers are likely to be closely connected to target user/organisation owning the project...
- grab hierarchical data about a github organization, user, or repo
- This tool uses GitHub API to get email addresses from commit log of user/organisation repositories It can be operated with/without GitHub API token.
- Find email addresses of Github users
- commit-stream drinks commit logs from the Github event firehose exposing the author details (name and email address) associated with Github repositories in real time.
- A script to create fake commits, with emails of your choice. GitHub automatically resolves the emails to a GitHub accounts associated with them. This way if you know an email you can find the GitHub account of a user.
- Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis.
- Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
- Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
- gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
- shhgit finds committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time.
- yar is an OSINT tool for reconnaissance of repositories/users/organizations on Github. Yar clones repositories of users/organizations given to it and goes through the whole commit history in order of commit time, in search for secrets/tokens/passwords, essentially anything that shouldn't be there. Whenever yar finds a secret, it will print it out for you to further assess.
- Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
- Right now a breaking change in GitPython is causing an error in pip installations.
- Scan git repos for secrets using regex and entropy
- A tool to capture all the git secrets by leveraging multiple open source git searching tools
- This tool is for sensitive information searching on Github
- Retrieve a GitHub user's email even if it's not public.
- Pulls info from Github user, NPM, activity commits, owned repo commit activity.
- This project allows you to find the most active forks of a repository.
- Live Demo: https://techgaun.github.io/active-forks/index.html
- Find the email address of any GitHub user
- githubFind3r is a very fast command line repo/user/commit search tool
- Find subdomains on GitHub.
- Monitors Github for leaked secrets
- A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
- Tool for advanced mining for content on Github
- Talks about manual & automated leak search & GitHub dorking
wow