{"id":30629511,"url":"https://github.com/anotherhadi/github-recon","last_synced_at":"2025-08-30T20:22:56.966Z","repository":{"id":292389552,"uuid":"980753449","full_name":"anotherhadi/github-recon","owner":"anotherhadi","description":"Retrieves and aggregates public OSINT data about a GitHub user using Go and the GitHub API. Finds hidden emails in commit history, previous usernames, friends, other GitHub accounts, and more.","archived":false,"fork":false,"pushed_at":"2025-08-23T14:20:36.000Z","size":698,"stargazers_count":17,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-23T17:30:49.445Z","etag":null,"topics":["cybersecurity","github","osint","recon","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anotherhadi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-09T16:50:22.000Z","updated_at":"2025-08-23T14:20:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"cb37fee3-a21c-4291-9117-079538372aad","html_url":"https://github.com/anotherhadi/github-recon","commit_stats":null,"previous_names":["anotherhadi/gh-recon","anotherhadi/github-recon"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/anotherhadi/github-recon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anotherhadi%2Fgithub-recon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anotherhadi%2Fgithub-recon/tags","releases_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anotherhadi%2Fgithub-recon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anotherhadi%2Fgithub-recon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anotherhadi","download_url":"https://codeload.github.com/anotherhadi/github-recon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anotherhadi%2Fgithub-recon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272901157,"owners_count":25012254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","github","osint","recon","security"],"created_at":"2025-08-30T20:22:55.159Z","updated_at":"2025-08-30T20:22:56.961Z","avatar_url":"https://github.com/anotherhadi.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"https://raw.githubusercontent.com/anotherhadi/github-recon/main/.github/assets/logo.png\" width=\"120px\" /\u003e\n\u003c/div\u003e\n\n\u003cbr\u003e\n\n# Github-Recon 🔍\n\n\u003cp\u003e\n    \u003ca href=\"https://github.com/anotherhadi/github-recon/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/anotherhadi/github-recon.svg\" alt=\"Latest Release\"\u003e\u003c/a\u003e\n    
\u003ca href=\"https://pkg.go.dev/github.com/anotherhadi/github-recon?tab=doc\"\u003e\u003cimg src=\"https://godoc.org/github.com/anotherhadi/github-recon?status.svg\" alt=\"GoDoc\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/anotherhadi/github-recon\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/anotherhadi/github-recon\" alt=\"GoReportCard\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n- [🧾 Project Overview](#-project-overview)\n- [🚀 Features](#-features)\n- [⚠️ Disclaimer](#%EF%B8%8F-disclaimer)\n- [📦 Installation](#-installation)\n  - [With Go](#with-go)\n  - [With Nix/NixOS](#with-nixnixos)\n- [🧪 Usage](#-usage)\n  - [Flags](#flags)\n  - [Token](#token)\n  - [How does the email spoofing work?](#how-does-the-email-spoofing-work)\n- [💡 Examples](#-examples)\n- [🕵️‍♂️ Cover your tracks](#%EF%B8%8F%EF%B8%8F-cover-your-tracks)\n- [🤝 Contributing](#-contributing)\n- [🙏 Credits](#-credits)\n\n## 🧾 Project Overview\n\nRetrieves and aggregates public OSINT data about a GitHub user using Go and the\nGitHub API. 
Finds hidden emails in commit history, previous usernames, friends,\nother GitHub accounts, and more.\n\n\u003cdetails\u003e\n\u003csummary\u003eScreenshot\u003c/summary\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/anotherhadi/github-recon/main/.github/assets/example.png\" alt=\"example screenshot\"\u003e\n\u003c/details\u003e\n\n## 🚀 Features\n\n- Export results to JSON\n\n**From usernames:**\n\n- Retrieve basic user profile information (username, ID, avatar, bio, creation\n  date)\n- Display avatars directly in the terminal\n- List organizations and roles\n- Fetch SSH and GPG keys\n- Enumerate social accounts\n- Extract unique commit authors (name + email)\n- Find close friends\n- Deep scan option (clone repositories, run regex searches, analyze licenses,\n  etc.)\n- Use Levenshtein distance for matching usernames and emails\n\n**From emails:**\n\n- Search for a specific email across all GitHub commits\n- Spoof an email to discover the associated user account\n\n## ⚠️ Disclaimer\n\nThis tool is intended for educational purposes only. Use responsibly and ensure\nyou have permission to access the data you are querying.\n\n## 📦 Installation\n\n### With Go\n\n```bash\ngo install github.com/anotherhadi/github-recon@latest\n```\n\n### With Nix/NixOS\n\n\u003cdetails\u003e\n\u003csummary\u003eClick to expand\u003c/summary\u003e\n\n**From anywhere (using the repo URL):**\n\n```bash\nnix run github:anotherhadi/github-recon -- [--flags value] target_username_or_email\n```\n\n**Permanent Installation:**\n\n```bash\n# add the flake to your flake.nix\n{\n  inputs = {\n    github-recon.url = \"github:anotherhadi/github-recon\";\n  };\n}\n\n# then add it to your packages\nenvironment.systemPackages = with pkgs; [ # or home.packages\n  github-recon\n];\n```\n\n\u003c/details\u003e\n\n## 🧪 Usage\n\n```bash\ngithub-recon [--flags value] target_username_or_email\n```\n\n### Flags\n\n```txt\n-t, --token string           Github personal access token (e.g. ghp_aaa...). 
Can also be set via GITHUB_RECON_TOKEN environment variable. You also need to set the token in $HOME/.config/github-recon/env file if you want to use this tool without passing the token every time. (default \"null\")\n-d, --deepscan               Enable deep scan (clone repos, regex search, analyse licenses, etc.)\n    --max-size int           Limit the size of repositories to scan (in MB) (only for deep scan) (default 150)\n-e, --exclude-repo strings   Exclude repos from deep scan (comma-separated list, only for deep scan)\n-r, --refresh                Refresh the cache (only for deep scan)\n-s, --show-source            Show where the information (authors, emails, etc) were found (only for deep scan)\n-m, --max-distance int       Maximum Levenshtein distance for matching usernames \u0026 emails (only for deep scan) (default 20)\n-S, --silent                 Suppress all non-essential output\n    --spoof-email            Spoof email (only for email mode) (default true)\n-a, --hide-avatar            Hide the avatar in the output\n-j, --json string            Write results to specified JSON file\n```\n\n### Token\n\nFor the best experience, provide a **GitHub Personal Access Token**. Without a\ntoken, you will quickly hit the **rate limit** and have to wait.\n\n- For **basic usage**, you can create a token **without any permissions**.\n- For the **email spoofing feature**, you need to add the **`repo`** and\n  **`delete_repo`** permissions.\n\nYou can set the token in multiple ways:\n\n- **Command-line flag**:\n\n  ```bash\n  github-recon -t \"ghp_xxx...\"\n  ```\n\n- **Environment variable**:\n\n  ```bash\n  export GITHUB_RECON_TOKEN=ghp_xxx...\n  ```\n\n- **Config file**: Create the file `~/.config/github-recon/env` and add:\n\n  ```env\n  GITHUB_RECON_TOKEN=ghp_xxx...\n  ```\n\n\u003e [!WARNING]\n\u003e For safety, it is recommended to create the Personal Access Token on a\n\u003e **separate GitHub account** rather than your main account. 
This way, if\n\u003e anything goes wrong, your primary account remains safe.\n\n### How does the email spoofing work?\n\nHere’s the process:\n\n1. Create a new repository.\n2. Make a commit using the **target's email** as the author.\n3. Push the commit to GitHub.\n4. Observe which GitHub account gets associated with that commit.\n\nAll of these steps are handled **automatically by the tool**, so you just need\nto provide the target email.\n\n## 💡 Examples\n\n```bash\ngithub-recon anotherhadi --token ghp_ABC123...\ngithub-recon myemail@gmail.com # Find github accounts by email\ngithub-recon anotherhadi --json output.json --deepscan # Clone the repo and search for leaked email\n```\n\n## 🕵️‍♂️ Cover your tracks\n\nUnderstanding what information about you is publicly visible is the first step\nto managing your online presence. github-recon can help you identify your own\npublicly available data on GitHub. Here’s how you can take steps to protect your\nprivacy and security:\n\n- **Review your public profile**: Regularly check your GitHub profile and\n  repositories to ensure that you are not unintentionally exposing sensitive\n  information.\n- **Manage email exposure**: Use GitHub's settings to control which email\n  addresses are visible on your profile and in commit history. You can also use\n  a no-reply email address for commits. Delete/modify any sensitive information\n  in your commit history.\n- **Be Mindful of Repository Content**: Avoid including sensitive information in\n  your repositories, such as API keys, passwords, emails or personal data. 
Use\n  `.gitignore` to exclude files that contain sensitive information.\n\nYou can also use a tool like [TruffleHog](https://github.com/trufflesecurity/trufflehog)\nto scan your repositories specifically for exposed secrets and tokens.\n\n**Useful links:**\n\n- [Blocking command line pushes that expose your personal email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/blocking-command-line-pushes-that-expose-your-personal-email-address)\n- [No-reply email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)\n\n## 🤝 Contributing\n\nFeel free to contribute! See [CONTRIBUTING.md](CONTRIBUTING.md) for details.\n\n## 🙏 Credits\n\nSome features and ideas in this project were inspired by the following tools:\n\n- [gitrecon](https://github.com/GONZOsint/gitrecon) by GONZOsint\n- [gitfive](https://github.com/mxrch/gitfive) by mxrch\n\nBig thanks to their authors for sharing their work with the community.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanotherhadi%2Fgithub-recon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanotherhadi%2Fgithub-recon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanotherhadi%2Fgithub-recon/lists"}