Hacker News
Osgint – OSINT tool to find information about GitHub user (github.com/hippiiee)
116 points by CHEF-KOCH 8 months ago | 26 comments


You may not be the creator, but the intent of this repo appears to be at odds with GitHub's acceptable use policies.

For anyone else dealing with recruiters or companies spamming you from your github commit email, it's reportable under information usage restrictions and privacy.

https://docs.github.com/en/site-policy/acceptable-use-polici...


as a non-user, I'm not bound by their policies :3

also, don't they have an email masking option? i remember seeing some generated @github.com email in commit logs


That's right, you can enable that email by checking "Keep my email addresses private" at https://github.com/settings/emails#toggle_visibility_note
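
A self-audit for the exposure discussed in this thread, as an added example that is not part of the original comments or of Osgint: it lists author and committer emails in a local clone that are not GitHub noreply addresses. The sample log lines are constructed, and the noreply pattern assumes the `username@` and `ID+username@users.noreply.github.com` forms.

```python
import re
import subprocess
from collections import defaultdict

# Field separator: %x1f (unit separator) does not occur in normal names or emails.
LOG_FORMAT = "%H%x1f%an%x1f%ae%x1f%cn%x1f%ce"
NOREPLY = re.compile(r"^(?:\d+\+)?[A-Za-z0-9-]+@users\.noreply\.github\.com$", re.I)

# Constructed sample of `git log` output in LOG_FORMAT (not real commits).
SAMPLE_LOG = "\n".join([
    "a1b2c3d\x1fAlice Example\x1falice@example.com\x1fAlice Example\x1falice@example.com",
    "d4e5f6a\x1fAlice Example\x1f12345+alice@users.noreply.github.com\x1fGitHub\x1fnoreply@github.com",
    "0718293\x1fBob Example\x1fbob@users.noreply.github.com\x1fAlice Example\x1falice@example.com",
])

def read_log(repo_path):
    """Return raw log text for every ref in a local clone (needs git installed)."""
    return subprocess.run(
        ["git", "-C", repo_path, "log", "--all", f"--format={LOG_FORMAT}"],
        check=True, capture_output=True, text=True,
    ).stdout

def is_masked(email):
    """True for GitHub noreply addresses, including the web-UI committer address."""
    return bool(NOREPLY.match(email)) or email.lower() == "noreply@github.com"

def exposed_emails(log_text):
    """Map each non-masked email to the commits where it is author or committer."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split("\x1f")
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        sha, _author, author_email, _committer, committer_email = parts
        for email in (author_email, committer_email):
            if email and not is_masked(email):
                found[email.lower()].add(sha)
    return {email: sorted(shas) for email, shas in found.items()}

if __name__ == "__main__":
    # Swap SAMPLE_LOG for read_log("/path/to/your/clone") to audit a real repository.
    for email, shas in sorted(exposed_emails(SAMPLE_LOG).items()):
        print(f"{email}: {len(shas)} commit(s), e.g. {shas[0]}")
```

Enabling the privacy setting does not rewrite commits that are already pushed, so any address this reports stays visible in the repository history.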


    [+] login : zellyn
    [+] id : 33625
    [+] avatar_url : https://avatars.githubusercontent.com/u/33625?v=4
    [+] name : Zellyn Hunter
    [+] company : Square
    [+] blog : http://www.zellyn.com/
    [+] location : Atlanta
    [+] bio : Programmer at Square. Mostly (currently) Go.
    [+] public_repos : 52
    [+] public_gists : 47
    [+] followers : 101
    [+] following : 20
    [+] created_at : 2008-11-10T13:26:38Z
    [+] updated_at : 2025-03-03T00:51:46Z
    [+] public_gists : https://gist.github.com/zellyn
    [+] SSH_keys : https:/github.com/zellyn.keys
    [+] email : hippytrail@gmail.com zellyn@squareup.com tomcw@users.noreply.github.com zellyn@gmail.com
Pretty much spot on, except for the emails. The ones with username `zellyn` are correct; the others are people who've contributed changes to repos I created (I think).


I do feel you have a bit of an ethical obligation to also have a "how to avoid leaking this information" section in your README.


Who does this benefit besides spammers?


People who want to make sure that nothing wrong is shared with spammers or the world in general?


Why would you want that?

I would, in general, prefer that incorrect information about me was shared with spammers, if any information is shared. Ditto for most third parties that I don't have a direct relationship with or ongoing conversation. And even then, usually the information they need about me is pretty limited.


nothing wrong = nothing I want out there. not talking about security through obfuscation


Ah gotcha, thanks!


Stalkers and abusers


Or people who want to double check if they are not vulnerable to stalking and abuse by a silly mistake.


Knowing what malicious actors are capable of is important for protecting yourself against them.


ok, but it doesn't actually tell you anything new except the email

everything else is literally just the info on the github profile page


And I assume the emails are obtained from the commits' metadata, which is known to show your email when you upload code to Github.


Email is visible in commit messages. So nothing new at all


Just as recruiters were stopping to spam me via GitHub...


Who would use their real name for GitHub?

https://github.com/elonmusk

https://github.com/donaldtrump


Correct me if I'm wrong, but isn't this feature already in Github API Tools? Project dashboards and contributors' e-mail addresses can already be seen in the free Github API Tools. At this point, the only advantage may be to compile all the information together. When data is requested in JSON format, Github shares most of the data for free.


Uh couldn't you use the Events API to more efficiently go through someone's recent commits?

    def findEmailFromContributor(username, repo, contributor):
        response = requests.get('https://github.com/%s/%s/commits?author=%s' % (username, repo, contributor), auth=HTTPBasicAuth(username, '')).text
        latestCommit = re.search(r'href="/%s/%s/commit/(.*?)"' % (username, repo), response)
        if latestCommit:
            latestCommit = latestCommit.group(1)
        else:
            latestCommit = 'dummy'
        commitDetails = requests.get('https://github.com/%s/%s/commit/%s.patch' % (username, repo, latestCommit), auth=HTTPBasicAuth(username, '')).text
        email = re.search(r'<(.*)>', commitDetails)


That's basically the idea behind https://reporeach.com


How can you tell? This website doesn't explain what the product is, how it works, or even bother with a privacy policy.


It also requires registration to use it.


This looks very GDPR compliant!


Seems like it's more trouble than just appending .patch to a commit.


also see gitrecon



