From email to GitHub accounts

h51un6
1 min read · Jan 8, 2022

While searching lately for new OSINT techniques on GitHub, I found an old repository entitled “enumerate-github-users” by antnks.

Git commits usually contain the name and email address of their author. antnks observed that GitHub automatically resolves these emails to their associated GitHub accounts, if they exist. So he created a script to build commits spoofing arbitrary email addresses.

The technique was great, but antnks’ work was a proof-of-concept, not a tool suitable for production.

The main point was to understand the exact scope of this technique:

  1. Are private emails detected?
  2. Does GitHub resolve secondary email addresses?
  3. Is the account owner notified?

GitHub resolves all the email addresses linked to an account, even if the email is private, secondary or unverified. The account owner is not notified, but the fake repository appears on his board, because he becomes one of its contributors. It is therefore important that the repository exists for as short a time as possible.

email2github is a handy tool for day-to-day investigation. It implements user search and this fake-commit technique. Accounts are first looked up through user search, as this technique is less risky. The fake-commit technique is used only if user search does not yield anything.

I hope you will find it useful!
