anotherhadi/blog
1
Fork 0
mirror of https://github.com/anotherhadi/blog.git synced 2026-04-02 11:42:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
385e46ecdf3484a455cd4ea966193a6030fdaea1
blog/src/content/projects/github-recon.md
Hadi 8a4ca97c40 init
2026-01-01 19:06:29 +01:00

224 lines
8.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "Github Recon"
description: "Retrieves and aggregates public OSINT data about a GitHub user using Go and the GitHub API. Finds hidden emails in commit history, previous usernames, friends, other GitHub accounts, and more."
image: "../../../public/images/projects/github-recon.png"
tags: ["osint", "github", "cybersecurity"]
sourceLink: "https://github.com/anotherhadi/github-recon"
---
<p>
<a href="https://github.com/anotherhadi/github-recon/releases"><img src="https://img.shields.io/github/release/anotherhadi/github-recon.svg" alt="Latest Release"></a>
<a href="https://pkg.go.dev/github.com/anotherhadi/github-recon?tab=doc"><img src="https://godoc.org/github.com/anotherhadi/github-recon?status.svg" alt="GoDoc"></a>
<a href="https://goreportcard.com/report/github.com/anotherhadi/github-recon"><img src="https://goreportcard.com/badge/github.com/anotherhadi/github-recon" alt="GoReportCard"></a>
</p>
- [🧾 Project Overview](#-project-overview)
- [🚀 Features](#-features)
- [⚠️ Disclaimer](#%EF%B8%8F-disclaimer)
- [📦 Installation](#-installation)
- [With Go](#with-go)
- [With Nix/NixOS](#with-nixnixos)
- [🧪 Usage](#-usage)
- [Flags](#flags)
- [Token](#token)
- [How does the email spoofing work?](#how-does-the-email-spoofing-work)
- [💡 Examples](#-examples)
- [🕵️‍♂️ Cover your tracks](#%EF%B8%8F%EF%B8%8F-cover-your-tracks)
- [🤝 Contributing](#-contributing)
- [🙏 Credits](#-credits)
## 🧾 Project Overview
Retrieves and aggregates public OSINT data about a GitHub user using Go and the
GitHub API. Finds hidden emails in commit history, previous usernames, friends,
other GitHub accounts, and more.
<details>
<summary>Screenshot</summary>
<img src="https://raw.githubusercontent.com/anotherhadi/github-recon/main/.github/assets/example.png" alt="example screenshot">
</details>
## 🚀 Features
- Export results to JSON
**From usernames:**
- Retrieve basic user profile information (username, ID, avatar, bio, creation
date)
- Display avatars directly in the terminal
- List organizations and roles
- Fetch SSH and GPG keys
- Enumerate social accounts
- Extract unique commit authors (name + email)
- Find close friends
- Deep scan option (clone repositories, run regex searches, analyze licenses,
etc.)
- Use Levenshtein distance for matching usernames and emails
- TruffleHog integration to find secrets
**From emails:**
- Search for a specific email across all GitHub commits
- Spoof an email to discover the associated user account
## ⚠️ Disclaimer
This tool is intended for educational purposes only. Use responsibly and ensure
you have permission to access the data you are querying.
## 📦 Installation
### With Go
```bash
go install github.com/anotherhadi/github-recon@latest
```
### With Nix/NixOS
<details>
<summary>Click to expand</summary>
**From anywhere (using the repo URL):**
```bash
nix run github:anotherhadi/github-recon -- [--flags value] target_username_or_email
```
**Permanent Installation:**
```bash
# add the flake to your flake.nix
{
inputs = {
github-recon.url = "github:anotherhadi/github-recon";
};
}
# then add it to your packages
environment.systemPackages = with pkgs; [ # or home.packages
inputs.github-recon.defaultPackage.${pkgs.system}
];
```
</details>
## 🧪 Usage
```bash
github-recon [--flags value] target_username_or_email
```
### Flags
```txt
-t, --token string Github personal access token (e.g. ghp_aaa...). Can also be set via GITHUB_RECON_TOKEN environment variable. You also need to set the token in $HOME/.config/github-recon/env file if you want to use this tool without passing the token every time. (default "null")
-d, --deepscan Enable deep scan (clone repos, regex search, analyse licenses, etc.)
--max-size int Limit the size of repositories to scan (in MB) (only for deep scan) (default 150)
-e, --exclude-repo strings Exclude repos from deep scan (comma-separated list, only for deep scan)
-r, --refresh Refresh the cache (only for deep scan)
-s, --show-source Show where the information (authors, emails, etc) were found (only for deep scan)
-m, --max-distance int Maximum Levenshtein distance for matching usernames & emails (only for deep scan) (default 20)
--trufflehog Run trufflehog on cloned repositories (only for deep scan) (default true)
-S, --silent Suppress all non-essential output
--spoof-email Spoof email (only for email mode) (default true)
-a, --print-avatar Show the avatar in the output
-j, --json string Write results to specified JSON file
```
### Token
For the best experience, provide a **GitHub Personal Access Token**. Without a
token, you will quickly hit the **rate limit** and have to wait.
- For **basic usage**, you can create a token **without any permissions**.
- For the **email spoofing feature**, you need to add the **`repo`** and
**`delete_repo`** permissions.
You can set the token in multiple ways:
- **Command-line flag**:
```bash
github-recon -t "ghp_xxx..."
```
- **Environment variable**:
```bash
export GITHUB_RECON_TOKEN=ghp_xxx...
```
- **Config file**: Create the file `~/.config/github-recon/env` and add:
```env
GITHUB_RECON_TOKEN=ghp_xxx...
```
> For safety, it is recommended to create the Personal Access Token on a
> **separate GitHub account** rather than your main account. This way, if
> anything goes wrong, your primary account remains safe.
### How does the email spoofing work?
Heres the process:
1. Create a new repository.
2. Make a commit using the **target's email** as the author.
3. Push the commit to GitHub.
4. Observe which GitHub account the commit is linked to. This method **always
works**, but it only reveals the account if the email is set as the users
**primary email**.
All of these steps are handled **automatically by the tool**, so you just need
to provide the target email.
## 💡 Examples
```bash
github-recon anotherhadi --token ghp_ABC123...
github-recon myemail@gmail.com # Find github accounts by email
github-recon anotherhadi --json output.json --deepscan # Clone the repo and search for leaked email
```
## 🕵️‍♂️ Cover your tracks
Understanding what information about you is publicly visible is the first step
to managing your online presence. github-recon can help you identify your own
publicly available data on GitHub. Heres how you can take steps to protect your
privacy and security:
- **Review your public profile**: Regularly check your GitHub profile and
repositories to ensure that you are not unintentionally exposing sensitive
information.
- **Manage email exposure**: Use GitHub's settings to control which email
addresses are visible on your profile and in commit history. You can also use
a no-reply email address for commits, and an
[alias email](https://proton.me/support/addresses-and-aliases) for your
account. Delete/modify any sensitive information in your commit history.
- **Be Mindful of Repository Content**: Avoid including sensitive information in
your repositories, such as API keys, passwords, emails or personal data. Use
`.gitignore` to exclude files that contain sensitive information.
You can also use a tool like [TruffleHog](github.com/trufflesecurity/trufflehog)
to scan your repositories specifically for exposed secrets and tokens.
**Useful links:**
- [Blocking command line pushes that expose your personal email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/blocking-command-line-pushes-that-expose-your-personal-email-address)
- [No-reply email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)
## 🤝 Contributing
Feel free to contribute! See [CONTRIBUTING.md](https://github.com/anotherhadi/github-recon/blob/main/CONTRIBUTING.md) for details.
## 🙏 Credits
Some features and ideas in this project were inspired by the following tools:
- [gitrecon](https://github.com/GONZOsint/gitrecon) by GONZOsint
- [gitfive](https://github.com/mxrch/gitfive) by mxrch
Big thanks to their authors for sharing their work with the community.
Reference in New Issue View Git Blame Copy Permalink