OSINT tool to get information from a github profile and find GitHub user’s email addresses leaked on commits.
How does this work?
GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usually published in the commit and becomes publicly accessible, if you know where to look.
GitHub provide some instructions on how to prevent this from happening, but it seems that most GitHub users either don’t know or don’t care that their email address may be exposed.
Finding a GitHub user’s email address is often as simple as looking at their recent events via the GitHub API.
Idea and text from Nick Drewe.
git clone https://github.com/GONZOsint/gitrecon.git
python3 -m pip install -r requirements.txt
token = '<Access token here>'
usage: gitrecon.py [-h] [-a] [-o] username
-h, --help show this help message and exit
-a, --avatar download avatar pic
-o, --output save output as json
- User ID
- Avatar url
- Gravatar ID
- Twitter username
- Created at
- Updated at
Search for leaked emails on commits
To avoid this type of leaks, certain configurations can be made on Github:
Settings url: https://github.com/settings/emails
- Keep my email addresses private
- Block command line pushes that expose my email
This is only an educational purposes only I am not responsible for further activities
Join my forum and learn more ethical hacking and penetration testing
Get me at