Description

GitFive is an OSINT tool to investigate GitHub profiles.

Main features :

• Usernames / names history
• Usernames / names variations
• Email address to GitHub account
• Find GitHub's accounts from a list of email addresses
• Lists identities used by the target
• Clones and analyze every target's repos
• Highlights emails tied to GitHub's target account
• Finds local identities (UPNs, ex : [email protected])
• Finds potential secondary GitHub accounts
• Don't need repos to work (but better)
• Generates every possible email address combinations and looks for matchs
• Dumps SSH public keys
• JSON export

Optimizations :

• Very low API consumption, stays under the rate-limit
• Multi-processing tasks (bypassing Python's GIL)
• Async scraping

Workflow

Click here for a full view

Requirements

• Git
• Python >= 3.10

Installation

$ pip3 install pipx
$ pipx ensurepath
$ pipx install gitfive

It will automatically use venvs to avoid dependency conflicts with other projects.

Usage

First, login to GitHub (preferably with a secondary account) :

$ gitfive login

Then, profit :

usage: gitfive [-h] {login,user,email,emails,light} ...

positional arguments:
  {login,user,email,emails,light}
    login               Let GitFive authenticate to GitHub.
    user                Track down a GitHub user by its username.
    email               Track down a GitHub user by its email address.
    emails              Find GitHub usernames of a given list of email addresses.
    light               Quickly find emails addresses from a GitHub username.

options:
  -h, --help            show this help message and exit

PS : plz avoid testing on torvalds or other authors of repos with 1 million commits

📄 You can also use --json with user and email modules to export in JSON ! Example :

$ gitfive user mxrch --json mxrch_data.json

Have fun 🥰💞

Video demo

Obvious disclaimer

This tool is for educational purposes only, I am not responsible for its use.

Less obvious disclaimer

The use of this tool in an automated paid service / software is strictly forbidden without my personal agreement.
Please use it only in personal, criminal investigations, or open-source projects.

Thanks

• novitae for being my Python colleague
• rayanlecat, ABH, 22sh, BlackWasp, Tartofraise, mpgn, M3SS and n1nj4sec for the beta test
• The HideAndSec team 💗 (blog : https://hideandsec.sh)

Sponsors

Thanks to these awesome people for supporting me !

You like my work ?
Sponsor me on GitHub ! 🤗