s0md3v / zen Goto Github PK

View Code? Open in Web Editor NEW

545.0 14.0 100.0 21 KB

Find emails of Github users

License: Apache License 2.0

Python 100.00%

osint recon github github-recon information-gathering

zen's Introduction

Find email addresses of Github users

Find email address of a user

python zen.py username

python zen.py https://github.com/username

Find email addressess of contributors of a repository

python zen.py https://github.com/username/repository

Find email addresses of members of an organization

python zen.py organization --org

python zen.py https://github.com/orgs/organzation

Save JSON output to a file

python zen.py https://github.com/username/repository -o /path/to/file

Rate limiting

Github allows 60 unauthenticated requests per hour but limit for authenticated requests is 6000 per hour. You don't need to generate any kind of authenticated token, just supply your username via -u option as follows:

python zen.py username -u yourUsername

Threading

Zen supports multi-threading for faster data retrieval.

python zen.py IBM --org -t 20

Check if email has appeared in a breach

Zen uses haveibeenpwned.com API to check if an email has been breached or not. This feature is turned off by default and can be used with --breach option as follows

python zen.py s0md3v --breach

zen's People

Contributors

Stargazers

Watchers

Forkers

raminfp hacktoberfest01 jayaramyalla sharad1126 motosploit modulexcite pushpamk 1nd0 m00zh33 dutchosintguy m41doror trendingtechnology sp0ct0r flatl1neapt roma-sck dileepkumarjagadabi v1cker r3dfruitrollup averroes vikaskyadav siber-ninja hashbrown1013 abhijithvijayan techrec13 c0010 msuvojit johndoex1 seyioluwasade th3s3cr3tag3nt blackopr fakegit passer6y w00t3k evilysera chandler-song ayushman4 jeffrandell khryptorgraphics adriangohjw rafi693 yehonadav ghstrecon apt50 pyqtbroughtmehere ma999s qman69 per-fide ingramali kvasok23 marciopocebon natrix-fork johndoehack bbhunter 5l1v3r1 drkeinelust paladin1412 ykankaya nancheng2008 prvns133t kei0x polling-repo-continua notabombe rishabhsharmaofficial ex624 wankyou apollon33 mysterioussonofgod wedataintelligence jiayuasu nosorry ktm2590 beckettmiller dhavalu585 3453-315h kalikex1 swifilaboroka gabriela-amancio actorexpose jhonnylusonode c3n7ral051nt4g3ncy totoro2205 totorohome 007vasy jrandomsage papyrusdo solosourcer soi-20 jooni22 oksanado jackpot777 xapu3ma amarjitghuman katu37-cyber scolpx wagneroliveira2000

zen's Issues

Zen

Doesn't always work when giver username

Hi! Thanks for this great tool!
However, it doesn't always work when given a Username or URL with username, only:

$ zen.py E3V3A
        Z E N v1.0
E3V3A : [email protected]

Parsing error?

Tried the tool and it works great except in a few repositories.
See the email was applied to 2 of the users.

It wont fetch email if user do not have any commit

For example for the userId @akhilnadhpc Please try to get me the email address

Output / Results bringing same email

All repo or org searches pull one email address repeatedly.
See JSON for example of what I see with each attempt.
$ python3 zen.py https://github.com/microsoft/DeepSpeed -u hamelcubsfan -o output.json
{
"jeffra": {
"email": "[email protected]",
"pwned": false
},
"tjruwase": {
"email": "[email protected]",
"pwned": false
},
"stas00": {
"email": "[email protected]",
"pwned": false
},
"ShadenSmith": {
"email": "[email protected]",
"pwned": false
},
"RezaYazdaniAminabadi": {
"email": "[email protected]",
"pwned": false
},
"mrwyattii": {
"email": "[email protected]",
"pwned": false
},
"awan-10": {
"email": "[email protected]",
"pwned": false
},
"samyam": {
"email": "[email protected]",
"pwned": false
},
"cli99": {
"email": "[email protected]",
"pwned": false
},
"conglongli": {
"email": "[email protected]",
"pwned": false

Similar project

Hey,

Cool project! Just wanted to let you know I'm working on some similar stuff here: https://github.com/mschwager/gitem

Feel free to close - just wanted to let you know I'm working on a similar project, maybe we could collaborate 👍

Can not Run it

Limit

If the repos' contributor is over 100, the max is 100. Can I unlock this limit and get over 100 contributors?

The code is so mess according to the PEP rules

Create a Dockerfile

It would be a great thing if you could implement a Dockerfile with all the dependencies. Are you planning to implement this ?

Is this going to be abused?

As it is, GitHub's user data is such a juicy target for—among other people—recruiters, that it's forced GitHub to be pretty protective of e-mail addresses (default to hiding them in the profile, no longer providing them when granting basic OAuth permission, etc.)

The one thing that's harder (impossible?) to change is the e-mail encoded in the actual commits on folk's repos. I don't know what GItHub can or would do to counteract any abuse from automated tools that could be used to mass-scrape people's e-mails, but I worry the net harm/annoyance of this tool in careless hands is enough to outweigh its potential benefits.

What do you think?

Trucchi

Iterate through organization repos

Instead of getting just the organization members, it would be better to request the repos of the organization and iterate through every repository. This way you wont get just the member, but also every repo and contributor.

Something like this should do it:

def findUsersFromOrganization(username):
	response = get('https://api.github.com/orgs/%s/repos?per_page=100' % username, auth=HTTPBasicAuth(uname, '')).text
	repositories = re.findall(r'"full_name":"(.*?)"', response)
	print ('%s Total repositories: %s%i%s' % (info, green, len(repositories), end))
	for repo in repositories:
		print ('\n%s Checking %s%s%s' % (info, green, repo, end))
		org = repo.split('/')[0]
		repository = repo.split('/')[1]
		findEmailsFromRepo(org, repository)