hngopher.com

       [HN Gopher] Osgint - OSINT tool to find information about GitHub...
       ___________________________________________________________________
        
       Osgint - OSINT tool to find information about GitHub user
        
       Author : CHEF-KOCH
       Score  : 100 points
       Date   : 2025-03-24 05:51 UTC (17 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | cpursley wrote:
       | That's basically the idea behind https://reporeach.com
        
         | numinix wrote:
         | How can you tell? This website doesn't explain what the product
         | is, how it works, or even bother with a privacy policy.
        
           | confiq wrote:
           | It also requires registration to use it.
        
         | dustyharddrive wrote:
         | This looks very GDPR compliant!
        
       | zellyn wrote:
       | [+] login : zellyn         [+] id : 33625         [+] avatar_url
       | : https://avatars.githubusercontent.com/u/33625?v=4         [+]
       | name : Zellyn Hunter         [+] company : Square         [+]
       | blog : http://www.zellyn.com/         [+] location : Atlanta
       | [+] bio : Programmer at Square. Mostly (currently) Go.
       | [+] public_repos : 52         [+] public_gists : 47         [+]
       | followers : 101         [+] following : 20         [+] created_at
       | : 2008-11-10T13:26:38Z         [+] updated_at :
       | 2025-03-03T00:51:46Z         [+] public_gists :
       | https://gist.github.com/zellyn         [+] SSH_keys :
       | https:/github.com/zellyn.keys         [+] email :
       | hippytrail@gmail.com zellyn@squareup.com
       | tomcw@users.noreply.github.com zellyn@gmail.com
       | 
       | Pretty much spot on, except for the emails. The ones with
       | username `zellyn` are correct; the others are people who've
       | contributed changes to repos I created (I think).
        
       | Dotnaught wrote:
       | Seems like its more trouble than just appending .patch to a
       | commit.
        
       | theyknowitsxmas wrote:
       | Who does this benefit besides spammers?
        
         | RamblingCTO wrote:
         | People who want to make sure that nothing wrong is shared with
         | spammers or the world in general?
        
           | cdblades wrote:
           | Why would you want that?
           | 
           | I would, in general, _prefer_ that incorrect information
           | about me was shared with spammers, if any information is
           | shared. Ditto for most third parties that I don 't have a
           | direct relationship with or ongoing conversation. And even
           | then, usually the information they need about me is pretty
           | limited.
        
             | RamblingCTO wrote:
             | nothing wrong = nothing I want out there. not talking about
             | security through obfuscation
        
               | cdblades wrote:
               | Ah gotcha, thanks!
        
         | jillyboel wrote:
         | Stalkers and abusers
        
       | ExxKA wrote:
       | Just as recruiters were stopping to spam me via GitHub...
        
       | 1317 wrote:
       | ok, but it doesn't actually tell you anything new except the
       | email
       | 
       | everything else is literally just the info on the github profile
       | page
        
         | diego_sandoval wrote:
         | And I assume the emails are obtained from the commits'
         | metadata, which is known to show your email when you upload
         | code to Github.
        
       | belter wrote:
       | Who would use their real name for GitHub?
       | 
       | https://github.com/elonmusk
       | 
       | https://github.com/donaldtrump
        
       | cdblades wrote:
       | I do feel you have a bit of an ethical obligation to also have a
       | "how to avoid leaking this information" section in your README.
        
       | areyourllySorry wrote:
       | also see gitrecon
        
       | Xaena wrote:
       | You may not be the creator, but the intent of this repo appears
       | to be at odds with GitHub's acceptable use policies.
       | 
       | For anyone else dealing with recruiters or companies spamming you
       | from your github commit email, it's reportable under information
       | usage restrictions and privacy.
       | 
       | https://docs.github.com/en/site-policy/acceptable-use-polici...
        
       | danso wrote:
       | Uh couldn't you use the Events API to more efficiently go through
       | someone's recent commits?                   def
       | findEmailFromContributor(username, repo, contributor):
       | response =
       | requests.get('https://github.com/%s/%s/commits?author=%s' %
       | (username, repo, contributor), auth=HTTPBasicAuth(username,
       | '')).text             latestCommit =
       | re.search(r'href="/%s/%s/commit/(.*?)"' % (username, repo),
       | response)             if latestCommit:
       | latestCommit = latestCommit.group(1)             else:
       | latestCommit = 'dummy'             commitDetails =
       | requests.get('https://github.com/%s/%s/commit/%s.patch' %
       | (username, repo, latestCommit), auth=HTTPBasicAuth(username,
       | '')).text             email = re.search(r'<(.*)>', commitDetails)
        
       ___________________________________________________________________
       (page generated 2025-03-24 23:01 UTC)