gitsint allows you to check everything from a github user.
Project description
🔍 Gitsint OSINT — Extract usernames, names, emails & secrets from GitHub
🕵️♂️ Feel free to open issues, submit PRs, or suggest modules! Contributions are very welcome.
📧 For any professional / personal inquiries or collaborations, reach out to me at: 📧 Contact: Zerostats via GitHub Discussions or 43150869+Zerostats@users.noreply.github.com
Telegram bot
For a quick demo, you can try the bot on telegram.
Here are the commands you can use with the bot:
Telegram bot commands
Atm the bot is down, will be fixed.
help- Display help messageregister $TOKEN- Register your GitHub tokengitsint $USERNAME- Search for a GitHub user
⚠️ To prevent abuse, the bot is rate-limited to 1 request per minute.
⭐ You can use your own token and star this repo to bypass this limitation.
Here’s an updated version of your 📃 Summary section that includes the new --gitleaks capability and reflects the current state of your tool:
🚀 Why Use Gitsint?
- 🕵️ Audit your own or others' public GitHub footprint
- 🔐 Find exposed secrets in commits and repos
- 🧩 Map email addresses to usernames
- 📊 Use in OSINT, red teaming, or compliance workflows
📃 Summary
Efficiently extract usernames, names, emails, and even secrets from a GitHub account.
Gitsint is a GitHub OSINT tool that automates the process of extracting public and private data from GitHub profiles, repositories, and commits.
🔍 Features
- 🧠 Retrieves data from profiles, repositories, and commit history
- 🔒 Scans cloned repositories with Gitleaks to uncover secrets, tokens, emails, and credentials
- 🦻 Does not alert the target (read-only, non-intrusive)
- ⚙️ Supports CLI and library usage
- 📦 Exports results as CSV or JSON
- 🔁 Can clone and scan all user/org repositories (public/private/forked)
- 🧪 Compatible with Python 3.10+
- 💻 Cross-platform: works on Linux, macOS, and Windows
🛠️ Installation
🐍 With PyPI
pip3 install gitsint
🚀 With Github
git clone https://github.com/zerostats/gitsint.git
cd gitsint/
pip install -e .
🐳 With Docker
docker build . -t my-gitsint-image
docker run my-gitsint-image gitsint username
Quick Start
Gitsint can be run from the CLI and rapidly embedded within existing python applications.
Help
usage: gitsint [-h] [--size SIZE] [--token TOKEN [TOKEN ...]] [--fork] [--private]
[--only-used] [--no-color] [--no-clear] [-C] [-J] [-T TIMEOUT]
[--cli] [--clean] [--output OUTPUT] [--version] [--debug]
[--check-update] [--gitleaks]
USERNAME [USERNAME ...]
positional arguments:
USERNAME Target Username
options:
-h, --help Show this help message and exit
--size SIZE Set max repo size in KB (default: 50000)
--token TOKEN [TOKEN ...]
API token (required for private or org access)
--fork Include forked repositories
--private Include private repositories
--only-used Display only the platforms used by the target
--no-color Disable colored terminal output
--no-clear Prevent terminal clearing before display
-C, --csv Save results to CSV
-J, --json Save results to JSON
-T, --timeout TIMEOUT Set max timeout (default: 10 seconds)
--cli Output raw JSON result to console
--clean Clean and reset previous result set
--output OUTPUT Set custom output folder (default: ./output)
--version Show version and exit
--debug Enable debug logging
--check-update Check for latest version on PyPI and auto-update
--gitleaks Run https://github.com/gitleaks/gitleaks to detect secrets in all cloned repositories
📚 CLI Example
# Basic public scan
gitsint exemple
# Scan including forks
gitsint exemple --fork
# Limit by max repo size (in KB)
gitsint exemple --size 5000
# Use GitHub token (required for --private)
gitsint exemple --token $TOKEN
# Scan own private repos
gitsint yourname --token $TOKEN --private
# Save output to a specific folder
gitsint exemple --output ./my-results
# Export to JSON + CSV
gitsint exemple --csv --json
# Run Gitleaks scan on all cloned repos
gitsint exemple --token $TOKEN --private --gitleaks
# Check for Gitsint updates
gitsint exemple --check-update
📈 Python Example
Gitsint can be imported as a module to run targeted scans in your own scripts:
import trio
import httpx
from gitsint.modules.profile.friends import friends
async def main():
username = "exemple"
out = []
client = httpx.AsyncClient()
await friends({'login':username}, client, out, [])
print(out)
await client.aclose()
trio.run(main)
Module Output
For each module, data is returned in a standard dictionary with the following json-equivalent format :
{
"name": "module_name",
"rateLimit": false,
"exists": true,
"data": "[{...}]",
"others": null
}
- name : The name of the module ( friends, profile, repository.. )
- rateLitmit : Lets you know if you've been rate-limited.
- exists : If an account exists for the email on that service.
- data : The data returned by the module.
- others : Any extra info.
Rate limited? Use a token.
🧪 Development
Want to contribute or test modules locally? Here's how to get started.
🔧 Poetry-based Setup (Recommended)
# Clone the repository
git clone https://github.com/zerostats/gitsint.git
cd gitsint
# Install poetry if you haven't
curl -sSL https://install.python-poetry.org | python3 -
# Install dependencies
poetry install
# Activate the virtual environment
poetry shell
# Run the CLI
poetry run gitsint username
🔍 Useful Dev Commands
poetry run black gitsint/ # Format code
poetry run isort gitsint/ # Sort imports
💡 Dev Notes
- Modules live in gitsint/modules/ and are fully async
- Use out.append({...}) to return module results
- Optional flags (--token, --gitleaks, etc.) are available in the args object
TODO
[ ] - Add confidence
Thank you to :
- Megadose ( for the base template )
📝 License
GNU General Public License v3.0
Built for educational purposes only.
Modules
| Name | Method | Frequent Rate Limit |
|---|---|---|
| friends | bs4 | ✔ |
| profile | api | ✘ |
| repository | api | ✘ |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gitsint-0.3.8.tar.gz.
File metadata
- Download URL: gitsint-0.3.8.tar.gz
- Upload date:
- Size: 27.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.10.17 Linux/6.11.0-1012-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
477e23d8eeb05da750b40df88b317fa2f29f2d2ef0380772eb963e1a1bd5449d
|
|
| MD5 |
c14805a30abdcc3f316bfac7fdc85fb5
|
|
| BLAKE2b-256 |
16f25d418650b1549d786677968a1c69573c124ea43e87fe1fda10388dc4ed88
|
File details
Details for the file gitsint-0.3.8-py3-none-any.whl.
File metadata
- Download URL: gitsint-0.3.8-py3-none-any.whl
- Upload date:
- Size: 28.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.10.17 Linux/6.11.0-1012-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a589f17d9d14044e500ec93a5acf8d7509bf8a9a875664a600cdafd6fb9adefa
|
|
| MD5 |
a7127edeee7c74304e7be1a8b697fb6e
|
|
| BLAKE2b-256 |
6ab24fde29565c95a8618ac23e26d6490fe27b27ec001d4fe5490e0f615bc1dc
|
