Skip to content
/ gitosint Public

Gitosint is a tool for reconnaissance of the Git services and extracting valuable metadata from commits.

License

MIT license
14 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wavvs/gitosint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
assets/README
assets/README
 
 
cmd
cmd
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Gitosint is a tool for reconnaissance of the Git services and extracting valuable metadata from commits.

status

Features

  • Extract commit metadata (emails and usernames) from Git repositories

  • Analyze GitHub users and organizations

    • Extract commit metadata from repositories, pull requests and GitHub Search results

  • Find GitHub users by email addresses

    • Tool is taking advantage of a GitHub feature, which uses the email address in the commit header to link the commit to a GitHub user .

Install Gitosint

The tool requires Go 1.16 version. Ensure that GO111MODULE=on is set.

$ git clone https://github.com/wavvs/gitosint
$ cd gitosint/
$ go install

Usage

Note: The tool is in beta status. Output of the tool may significantly change in the future.

gitosint_help

Extracting commit metadata from Git repositories

git-help

Extract commit metadata from the remote repositories:

$ gitosint git --repos <url_1>,...,<url_N>

Authenticate to the remote repositories using Basic Auth:

$ gitosint git --frepos repos.txt -u <user> -t <token_or_pass> 
or
$ gitosint git --frepos repos.txt -u <user> -p

You can also use SSH keys and provide corresponding URLs:

$ gitosint git --repos <url_1>,...,<url_N> --ssh <path_to_key> -p

GitHub reconnaissance

github-help

Before using this command you need to obtain an access token from Settings > Developer settings > Personal access tokens. Token should have following scopes:

  • repo
    • repo:status
    • public_repo
  • admin:org
    • read:org
  • user
    • read:user
    • user:email
  • delete_repo

Extract commit metadata from the repositories and the pull requests of the GitHub user (only non-merged pull requests will be analyzed):

$ gitosint github -t <token> --users <user> --pulls --max-pulls 500

Extract commit metadata from the repositories and the results of GitHub Search (includes searching commits and pull requests):

$ gitosint github -t <token> --users <user> --search --pulls

You can also perform analysis of the GitHub organizations and their members:

$ gitosint github -t <token> --users <org> --pulls --members

Note: omit --members option if an organization has too many members. The tool will exhaust rate limits before finishing analysis of the members.

Find GitHub users by email addresses:

$ gitosint github -t <token> --emails <email_1>,...,<email_N> --search

Extract commit metadata from specific repositories and list their contributors (uses tool functionality):

$ gitosint github -t <token> --repos <github_repo_url> --contributors

Note: If you encounter "push declined due to email privacy restrictions" error temporarily disable "Block command line pushes that expose my email" option at Settings > Emails.

TODO

  • Add GitLab support
  • Improve tool output
  • Improve documentation
  • Add logging
  • Add option to pause the tool until rate limits are restored

About

Gitosint is a tool for reconnaissance of the Git services and extracting valuable metadata from commits.

Topics

github git metadata osint recon pentest

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages