Welcome back, aspiring cyberwarriors!
GitHub is the world’s largest platform for software development and version control, hosting millions of public and private code repositories. Built on the Git distributed version control system, it allows developers to store code, track changes over time, collaborate with others, and manage software projects.
For OSINT analysts, GitHub is more than just a place to store code; it is one of the richest unintentional repositories of intelligence on the internet. Because developers use it for day-to-day work rather than carefully curating their public profiles, GitHub often provides an unrestrained view of how organizations actually operate. It covers the tech they’re using, the people working on their projects, what they’re creating, and sometimes private details that weren’t meant to be shared with everyone.
In this article, we will explore which techniques you can employ to get started with your OSINT investigation on GitHub. Let’s get rolling!
Step #1: Google Dorks for Finding People on GitHub
GitHub’s native search is powerful but has notable limitations, including the need for a login and incomplete indexing of historical content and file types. In contrast, Google’s web crawlers index much of GitHub’s public content.
So, let’s try to find a profile by name.
site:github.com "Full Name"
Let’s work on identifying individuals who are mentioned on company pages.
site:github.com "Company Name" "members"
In addition to that, we can attempt to search for a configuration file in the following way:
site:github.com filename:config.json
Of course, you are not limited to file extensions. You can search, for example, database files.
site:github.com/targetorg filename:*.sql
Step #2: GitHub API Endpoints
GitHub has a REST API at api.github.com that serves structured JSON for everything you can see on the website, and even some things you can’t. You can make public data queries without having to log in, but keep in mind that you’re limited to 60 requests per hour. If you use a personal access token (PAT) that limits jumps to 5,000 requests per hour.
To gather information about a user, open the URL below in your browser: https://api.github.com/users/[username]
As you can see, it reveals valuable data, such as location and creation date.
Another command allows you to extract emails from the commit history. Even when a GitHub user has not made their email address public, it is often embedded in their commit metadata, and the API provides direct access to this information.
https://api.github.com/repos/[owner]/[repo]/commits
Many API endpoints provide valuable information, but manually searching for them can be time-consuming. Therefore, let’s explore some automation tools.
Step #3: Automating GitHub OSINT
TruffleHog is one of the most capable and actively maintained open-source secret-detection tools available. We have a dedicated article describing it, so feel free to check it out.
Another tool I’d like to discuss is Octosuite. This Python-based automation framework for GitHub OSINT wraps multiple API endpoints into a streamlined workflow, providing formatted output.
We can install it using the following commands:
kali> python3 -m venv .venv
kali> source .venv/bin/activate
kali> pip3 install octosuite
Next, we can query GitHub data directly from the command line. For example, let’s check the users API endpoint.
kali> octosuite user username
Furthermore, we can retrieve information about all company members mentioned on GitHub.
kali> octosuite org company_name –members
Octosuite is especially useful when we need to generate formatted intelligence reports from GitHub data without writing custom scripts.
Summary
GitHub is a valuable resource for open-source intelligence because many users use it as a workspace rather than just a public profile.
In this article, we will explore the initial steps you can take to begin your OSINT investigation on GitHub. If you’re looking to enhance your OSINT skills, consider exploring our OSINT training. If you need assistance in uncovering the truth, don’t hesitate to reach out to us at [email protected], and we’ll conduct a comprehensive OSINT investigation for you.
Source: HackersArise
Source Link: https://hackers-arise.com/open-source-intelligence-osint-tools-and-techniques-for-gathering-information-on-github-part-1/