Extracting Emails and Usernames from GitHub Commit History for Targeted Security Research

By /

Listen to this Post

GitHub is a goldmine for security researchers and bug bounty hunters, especially when it comes to gathering intelligence about an organization. One effective technique is extracting emails and usernames from commit histories in repositories. This can help in OSINT (Open-Source Intelligence) and social engineering assessments.

Tool Used: Ghintel by Secrets.ninja

The tool ghintel.secrets.ninja automates the extraction of emails, usernames, and other sensitive data from GitHub commit logs.

You Should Know: Manual Extraction Using Git Commands

If you prefer a manual approach, here’s how to extract commit metadata from a GitHub repository:

1. Clone the Target Repository

git clone https://github.com/orgname/reponame.git
cd reponame

2. Extract Commit Emails & Usernames

Run the following command to list all unique contributor emails: 

git log --pretty="%ae" | sort -u

For usernames:

git log --pretty="%an" | sort -u

3. Search for Sensitive Data in Commits

Check for accidentally committed secrets (API keys, passwords):

git log -p | grep -i "password|api_key|secret"

4. Analyze a Specific File’s History

git log -p -- filename

5. Export Commit Metadata to a File

git log --pretty="%h - %an, %ae : %s" > commits.txt

Automated Recon with GitHub API

For large-scale extraction, use GitHub’s API:

curl -s "https://api.github.com/repos/orgname/reponame/commits?per_page=100" | jq '.[].commit.author.email' | sort -u

(Install `jq` for JSON parsing: sudo apt install jq)

What Undercode Say

GitHub reconnaissance is a critical phase in penetration testing and bug bounty hunting. Misconfigured repositories often leak:
– Employee emails (for phishing)
– Internal project details
– Hardcoded credentials

Additional Useful Commands:

  • Extract Git Branches: `git branch -a`
  • Check Remote URLs: `git remote -v`
  • Find Deleted Files in History: `git log –diff-filter=D –summary`
  • Search for AWS Keys: `git log -p | grep -i “AKIA[0-9A-Z]{16}”`

For defenders:

  • Git Hooks for Secrets Scanning: Use pre-commit hooks with tools like TruffleHog or GitLeaks.
  • Audit Your Repos Regularly: 
    gitleaks detect --source . -v

Expected Output:

A structured list of emails/usernames and sensitive strings from commit logs, aiding in targeted security research and vulnerability discovery.

Reference:

References:

Reported By: Mandal Saumadip – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: