GitHub OSINT tool for finding public repository mentions of domains and URLs.
Project description
GitOSINTX
GitOSINTX is a GitHub OSINT command-line tool for finding public repository mentions of domains, URLs, and email-style references.
______ _ __ ____ _____ _____ _______ ______
/ ____/(_) /_/ __ \/ ___// _/ | / /_ __/ |/ / |
/ / __/ / __/ / / /\__ \ / // |/ / / / | / /| |
/ /_/ / / /_/ /_/ /___/ // // /| / / / / | ___ |
\____/_/\__/\____//____/___/_/ |_/ /_/ /_/|_|/ |_|
GitOSINTX - GitHub Domain & URL Mention Enumerator
Developed by Harith Dilshan | h4rithd.com
What it does
GitOSINTX accepts a domain or URL, normalizes it into a bare domain, generates multiple GitHub Search API queries, deduplicates results, classifies risky-looking references, and exports a clean JSON or HTML report.
It is useful for:
- Bug bounty passive recon
- Public code exposure discovery
- Domain and URL mention enumeration
- Finding hardcoded API endpoints in public repositories
- Identifying config, CI/CD, and sensitive-keyword references
What it does not do
GitOSINTX does not bypass GitHub limits, scrape private repositories, validate leaked credentials, or exploit anything. It only queries public GitHub data available to your GitHub API access level.
Install
From PyPI after publication:
pip install gitosintx
For local development:
git clone https://github.com/h4rithd/GitOSINTX
cd GitOSINTX
python3 -m pip install -e .
GitHub token
Authenticated GitHub requests are strongly recommended.
export GITHUB_TOKEN='ghp_xxxxxxxxxxxxxxxxxxxx'
Avoid passing tokens directly on the command line because shell history may store them.
Usage
Search a single domain or URL and export HTML:
gitosintx -u https://h4rithd.com -o html --out h4rithd-github-osint.html
Search a single domain and export JSON:
gitosintx -u h4rithd.com -o json --out h4rithd-github-osint.json
Search a list of domains/URLs:
gitosintx -list examples/domains.txt -o html --out multi-domain-report.html
Run deeper extension/config-focused queries:
gitosintx -u h4rithd.com --deep -o html --out deep-report.html
Be friendlier to GitHub rate limits:
gitosintx -u h4rithd.com --max-pages 1 --sleep 2 --wait-rate-limit
Show help:
gitosintx -h
CLI options
-u, --url Single target domain or URL
-list, --list File containing domains/URLs, one per line
-o, --output Output format: html or json
--out Output report path
--token GitHub token; prefer GITHUB_TOKEN env var
--max-pages Maximum GitHub result pages per query
--per-page Results per GitHub API page, max 100
--sleep Delay between paginated requests
--wait-rate-limit Sleep and continue when rate limited
--deep Run additional config/extension-focused queries
--no-repo-search Disable repository metadata search
--no-email-query Disable @domain query
--include-forks Include forks in repository search where supported
--quiet Suppress banner/progress output
-v, --verbose Print query progress to stderr
--version Print version
-h, --help Show help
Output tags
GitOSINTX applies simple triage tags to help prioritize manual review:
| Tag | Meaning |
|---|---|
sensitive-keyword |
Match appears near words like token, secret, password, api_key, private_key, etc. |
config-file |
Match appears in config-style files such as .env, .yml, .json, .properties, .tfvars, etc. |
cicd-devops |
Match appears in CI/CD or deployment files such as GitHub Actions, Dockerfile, Jenkinsfile, etc. |
url-reference |
Match contains URL-style syntax. |
email-reference |
Match contains email-style syntax. |
Responsible use
Do not use discovered credentials. Do not validate tokens. Do not access systems without explicit authorization. For bug bounty, preserve evidence: repository, file path, commit/hash when available, matched snippet, exposure type, and remediation recommendation.
License
MIT License.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gitosintx-0.1.0.tar.gz.
File metadata
- Download URL: gitosintx-0.1.0.tar.gz
- Upload date:
- Size: 15.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
936e745f806ea99fd7468a174d37a983b19bfcdff3584f2159827b8d802bb1d4
|
|
| MD5 |
189571901e2ffc4b73f7f141dcef392e
|
|
| BLAKE2b-256 |
bb3e4ce0340e08aeb427def51d8b95b330c4cb57d866b997c0d4127505c8112a
|
File details
Details for the file gitosintx-0.1.0-py3-none-any.whl.
File metadata
- Download URL: gitosintx-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a3e246699448f3fc04d62e412ef82332477504c5b33c37e05abe82d234911849
|
|
| MD5 |
1d7cac62993a86780e67a60ecfd77d0f
|
|
| BLAKE2b-256 |
80407f1b521e04dd9e3e894fd88c19b4fceaa44132c868eb05d029d9735a93ff
|