gitosintx 0.1.0__py3-none-any.whl

gitosintx/__init__.py

@@ -0,0 +1,4 @@
+"""GitOSINTX - GitHub OSINT domain mention enumerator."""
+
+__version__ = "0.1.0"
+__author__ = "Harith Dilshan"

gitosintx/__main__.py

@@ -0,0 +1,4 @@
+from .cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

gitosintx/banner.py

@@ -0,0 +1,10 @@
+BANNER = r"""
+   ______ _ __  ____  _____ _____   _______  ______
+  / ____/(_) /_/ __ \/ ___//  _/ | / /_  __/ |/ /  |
+ / / __/ / __/ / / /\__ \ / //  |/ / / /  |   / /| |
+/ /_/ / / /_/ /_/ /___/ // // /|  / / /  /   | ___ |
+\____/_/\__/\____//____/___/_/ |_/ /_/  /_/|_|/  |_|
+
+ GitOSINTX - GitHub Domain & URL Mention Enumerator
+ Developed by Harith Dilshan | h4rithd.com
+"""

gitosintx/cli.py

@@ -0,0 +1,262 @@
+from __future__ import annotations
+
+import argparse
+import os
+import sys
+from pathlib import Path
+from typing import Dict, List, Tuple
+
+from . import __version__
+from .banner import BANNER
+from .github import GitHubAPIError, GitHubClient, code_item_to_finding, repo_item_to_finding
+from .models import Finding, ScanSummary
+from .report import write_html_report, write_json_report
+from .utils import (
+    build_code_queries,
+    build_repository_queries,
+    dedupe_preserve_order,
+    normalize_domain,
+    read_targets,
+)
+
+
+DEFAULT_NOTES = [
+    "GitOSINTX uses the official GitHub REST Search API and only queries public GitHub data available to the authenticated user.",
+    "GitHub search is rate-limited and capped; results are broad OSINT evidence, not a guarantee of full GitHub coverage.",
+    "Do not use, validate, or abuse exposed credentials. Preserve location evidence and report responsibly through the correct program channel.",
+]
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="gitosintx",
+        description="GitOSINTX - find public GitHub repository mentions of domains and URLs.",
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+    )
+    target_group = parser.add_mutually_exclusive_group(required=True)
+    target_group.add_argument(
+        "-u",
+        "--url",
+        dest="url",
+        help="Single target domain or URL, e.g. https://h4rithd.com, http://h4rithd.com, or h4rithd.com",
+    )
+    target_group.add_argument(
+        "-list",
+        "--list",
+        dest="list_path",
+        help="File containing domains/URLs, one per line. Blank lines and # comments are ignored.",
+    )
+
+    parser.add_argument(
+        "-o",
+        "--output",
+        choices=["json", "html"],
+        default="html",
+        help="Report output format.",
+    )
+    parser.add_argument(
+        "--out",
+        dest="out_file",
+        help="Output report file path. Defaults to gitosintx-report.html or gitosintx-report.json.",
+    )
+    parser.add_argument(
+        "--token",
+        help="GitHub token. Prefer setting GITHUB_TOKEN instead of passing tokens on the command line.",
+    )
+    parser.add_argument(
+        "--max-pages",
+        type=int,
+        default=2,
+        help="Maximum GitHub result pages per query. GitHub allows up to 100 results per page.",
+    )
+    parser.add_argument(
+        "--per-page",
+        type=int,
+        default=50,
+        help="Results per GitHub API page. Maximum is 100.",
+    )
+    parser.add_argument(
+        "--sleep",
+        type=float,
+        default=1.0,
+        help="Delay in seconds between paginated API requests.",
+    )
+    parser.add_argument(
+        "--wait-rate-limit",
+        action="store_true",
+        help="Sleep and resume when GitHub primary/secondary rate limits are detected.",
+    )
+    parser.add_argument(
+        "--deep",
+        action="store_true",
+        help="Run additional extension/CI/config-focused queries. Slower and more rate-limit heavy.",
+    )
+    parser.add_argument(
+        "--no-repo-search",
+        action="store_true",
+        help="Disable repository metadata search and only run code search.",
+    )
+    parser.add_argument(
+        "--no-email-query",
+        action="store_true",
+        help="Do not search for @domain email-style mentions.",
+    )
+    parser.add_argument(
+        "--include-forks",
+        action="store_true",
+        help="Append fork:true to repository search queries. Code search may still include fork behavior controlled by GitHub.",
+    )
+    parser.add_argument(
+        "--quiet",
+        action="store_true",
+        help="Suppress banner and progress output.",
+    )
+    parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        help="Print API query progress to stderr.",
+    )
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"GitOSINTX {__version__}",
+    )
+    return parser
+
+
+def _default_out_file(fmt: str) -> str:
+    return f"gitosintx-report.{fmt}"
+
+
+def _normalize_targets(raw_targets: List[str]) -> Tuple[List[str], Dict[str, str]]:
+    mapping: Dict[str, str] = {}
+    normalized: List[str] = []
+    for raw in raw_targets:
+        domain = normalize_domain(raw)
+        mapping[raw] = domain
+        normalized.append(domain)
+    return dedupe_preserve_order(normalized), mapping
+
+
+def run_scan(args: argparse.Namespace) -> Tuple[ScanSummary, List[Finding]]:
+    started_at = ScanSummary.now_iso()
+    raw_targets = read_targets(args.url, args.list_path)
+    domains, mapping = _normalize_targets(raw_targets)
+    token = args.token or os.getenv("GITHUB_TOKEN")
+
+    client = GitHubClient(
+        token=token,
+        per_page=args.per_page,
+        max_pages=args.max_pages,
+        sleep=args.sleep,
+        wait_rate_limit=args.wait_rate_limit,
+        verbose=args.verbose,
+    )
+
+    findings_by_key: Dict[str, Finding] = {}
+    queries_executed = 0
+
+    for original_target, domain in mapping.items():
+        code_queries = build_code_queries(
+            domain,
+            deep=args.deep,
+            include_email=not args.no_email_query,
+        )
+        for query in code_queries:
+            queries_executed += 1
+            for item in client.search_code(query):
+                finding = code_item_to_finding(
+                    target=original_target,
+                    normalized_domain=domain,
+                    query=query,
+                    item=item,
+                )
+                existing = findings_by_key.get(finding.key())
+                if existing:
+                    if query not in existing.query:
+                        existing.query = f"{existing.query} || {query}"
+                    for tag in finding.tags:
+                        if tag not in existing.tags:
+                            existing.tags.append(tag)
+                    for fragment in finding.matched_fragments:
+                        if fragment not in existing.matched_fragments:
+                            existing.matched_fragments.append(fragment)
+                else:
+                    findings_by_key[finding.key()] = finding
+
+        if not args.no_repo_search:
+            repo_queries = build_repository_queries(domain)
+            for query in repo_queries:
+                if args.include_forks:
+                    query = f"{query} fork:true"
+                queries_executed += 1
+                for item in client.search_repositories(query):
+                    finding = repo_item_to_finding(
+                        target=original_target,
+                        normalized_domain=domain,
+                        query=query,
+                        item=item,
+                    )
+                    findings_by_key.setdefault(finding.key(), finding)
+
+    findings = sorted(
+        findings_by_key.values(),
+        key=lambda f: (
+            0 if "sensitive-keyword" in f.tags else 1,
+            0 if "config-file" in f.tags else 1,
+            f.repo_full_name.lower(),
+            f.file_path or "",
+        ),
+    )
+    unique_repos = len({f.repo_full_name for f in findings if f.repo_full_name})
+    summary = ScanSummary(
+        tool="GitOSINTX",
+        version=__version__,
+        started_at=started_at,
+        finished_at=ScanSummary.now_iso(),
+        targets=raw_targets,
+        normalized_domains=domains,
+        queries_executed=queries_executed,
+        findings_count=len(findings),
+        unique_repositories=unique_repos,
+        notes=DEFAULT_NOTES.copy(),
+    )
+    if not token:
+        summary.notes.append(
+            "No GitHub token was provided. Authenticated searches are strongly recommended for reliability and higher rate limits."
+        )
+    return summary, findings
+
+
+def main(argv: List[str] | None = None) -> int:
+    parser = build_parser()
+    args = parser.parse_args(argv)
+
+    if not args.quiet:
+        print(BANNER)
+
+    out_file = args.out_file or _default_out_file(args.output)
+    try:
+        summary, findings = run_scan(args)
+        if args.output == "json":
+            write_json_report(out_file, summary, findings)
+        else:
+            write_html_report(out_file, summary, findings)
+    except (ValueError, FileNotFoundError, GitHubAPIError) as exc:
+        print(f"[!] {exc}", file=sys.stderr)
+        return 2
+    except KeyboardInterrupt:
+        print("\n[!] Interrupted by user.", file=sys.stderr)
+        return 130
+
+    if not args.quiet:
+        print(f"[+] Findings: {summary.findings_count}")
+        print(f"[+] Unique repositories: {summary.unique_repositories}")
+        print(f"[+] Queries executed: {summary.queries_executed}")
+        print(f"[+] Report written: {Path(out_file).resolve()}")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

gitosintx/github.py

@@ -0,0 +1,203 @@
+from __future__ import annotations
+
+import sys
+import time
+from typing import Any, Dict, Iterator, List, Optional
+
+import requests
+
+from .models import Finding
+from .utils import classify_finding
+
+GITHUB_API = "https://api.github.com"
+API_VERSION = "2026-03-10"
+
+
+class GitHubAPIError(RuntimeError):
+    pass
+
+
+class GitHubClient:
+    def __init__(
+        self,
+        token: Optional[str] = None,
+        per_page: int = 50,
+        max_pages: int = 2,
+        sleep: float = 1.0,
+        wait_rate_limit: bool = False,
+        verbose: bool = False,
+    ) -> None:
+        self.token = token
+        self.per_page = max(1, min(per_page, 100))
+        self.max_pages = max(1, max_pages)
+        self.sleep = max(0.0, sleep)
+        self.wait_rate_limit = wait_rate_limit
+        self.verbose = verbose
+        self.session = requests.Session()
+        self.session.headers.update(
+            {
+                "Accept": "application/vnd.github.text-match+json, application/vnd.github+json",
+                "X-GitHub-Api-Version": API_VERSION,
+                "User-Agent": "GitOSINTX/0.1.0 (+https://h4rithd.com)",
+            }
+        )
+        if token:
+            self.session.headers.update({"Authorization": f"Bearer {token}"})
+
+    def _log(self, message: str) -> None:
+        if self.verbose:
+            print(message, file=sys.stderr)
+
+    def _request(self, endpoint: str, params: Dict[str, Any]) -> Dict[str, Any]:
+        url = f"{GITHUB_API}{endpoint}"
+        while True:
+            
+            try:
+                response = self.session.get(url, params=params, timeout=30)
+            except requests.RequestException as exc:
+                raise GitHubAPIError(f"GitHub API request failed: {exc}") from exc
+            remaining = response.headers.get("X-RateLimit-Remaining")
+            reset_at = response.headers.get("X-RateLimit-Reset")
+
+            if response.status_code in {403, 429}:
+                body = self._safe_json(response)
+                message = str(body.get("message", "")).lower()
+
+                rate_exhausted = remaining == "0" and reset_at is not None
+                secondary_limit = "secondary rate limit" in message or "abuse" in message
+
+                if self.wait_rate_limit and (rate_exhausted or secondary_limit):
+                    if rate_exhausted:
+                        delay = max(1, int(reset_at) - int(time.time()) + 3)
+                    else:
+                        delay = max(30, int(self.sleep * 10))
+                    self._log(f"[!] GitHub rate limit hit. Sleeping {delay}s...")
+                    time.sleep(delay)
+                    continue
+
+                raise GitHubAPIError(
+                    "GitHub rate limit or abuse protection triggered. "
+                    "Set GITHUB_TOKEN, reduce --max-pages, increase --sleep, or use --wait-rate-limit. "
+                    f"GitHub said: {body.get('message', response.text)}"
+                )
+
+            if response.status_code == 401:
+                raise GitHubAPIError(
+                    "GitHub authentication failed. Check your GITHUB_TOKEN. "
+                    "Fine-grained tokens should have access to public repositories metadata/search."
+                )
+
+            if response.status_code >= 400:
+                body = self._safe_json(response)
+                raise GitHubAPIError(
+                    f"GitHub API error HTTP {response.status_code}: {body.get('message', response.text)}"
+                )
+
+            return response.json()
+
+    @staticmethod
+    def _safe_json(response: requests.Response) -> Dict[str, Any]:
+        try:
+            data = response.json()
+            if isinstance(data, dict):
+                return data
+            return {"message": str(data)}
+        except Exception:
+            return {"message": response.text}
+
+    def search_code(self, query: str) -> Iterator[Dict[str, Any]]:
+        for page in range(1, self.max_pages + 1):
+            self._log(f"[*] Code search page {page}: {query}")
+            data = self._request(
+                "/search/code",
+                {"q": query, "per_page": self.per_page, "page": page},
+            )
+            items = data.get("items", []) or []
+            for item in items:
+                yield item
+            if len(items) < self.per_page:
+                break
+            if self.sleep:
+                time.sleep(self.sleep)
+
+    def search_repositories(self, query: str) -> Iterator[Dict[str, Any]]:
+        for page in range(1, self.max_pages + 1):
+            self._log(f"[*] Repo search page {page}: {query}")
+            data = self._request(
+                "/search/repositories",
+                {"q": query, "per_page": self.per_page, "page": page},
+            )
+            items = data.get("items", []) or []
+            for item in items:
+                yield item
+            if len(items) < self.per_page:
+                break
+            if self.sleep:
+                time.sleep(self.sleep)
+
+
+def _extract_fragments(item: Dict[str, Any]) -> List[str]:
+    fragments: List[str] = []
+    for match in item.get("text_matches", []) or []:
+        fragment = match.get("fragment")
+        if fragment:
+            fragments.append(fragment.strip())
+    return fragments
+
+
+def code_item_to_finding(
+    *,
+    target: str,
+    normalized_domain: str,
+    query: str,
+    item: Dict[str, Any],
+) -> Finding:
+    repo = item.get("repository", {}) or {}
+    fragments = _extract_fragments(item)
+    path = item.get("path")
+    file_url = item.get("html_url")
+    return Finding(
+        target=target,
+        normalized_domain=normalized_domain,
+        query=query,
+        source_type="code",
+        repo_full_name=repo.get("full_name", ""),
+        repo_url=repo.get("html_url", ""),
+        file_path=path,
+        file_url=file_url,
+        file_name=item.get("name"),
+        sha=item.get("sha"),
+        language=repo.get("language"),
+        repo_description=repo.get("description"),
+        repo_stars=repo.get("stargazers_count"),
+        repo_forks=repo.get("forks_count"),
+        repo_updated_at=repo.get("updated_at"),
+        matched_fragments=fragments,
+        tags=classify_finding(path, fragments, file_url),
+        score=item.get("score"),
+    )
+
+
+def repo_item_to_finding(
+    *,
+    target: str,
+    normalized_domain: str,
+    query: str,
+    item: Dict[str, Any],
+) -> Finding:
+    return Finding(
+        target=target,
+        normalized_domain=normalized_domain,
+        query=query,
+        source_type="repository",
+        repo_full_name=item.get("full_name", ""),
+        repo_url=item.get("html_url", ""),
+        repo_description=item.get("description"),
+        repo_stars=item.get("stargazers_count"),
+        repo_forks=item.get("forks_count"),
+        repo_updated_at=item.get("updated_at"),
+        language=item.get("language"),
+        matched_fragments=[],
+        tags=classify_finding(None, [item.get("description") or "", item.get("full_name") or ""], item.get("html_url")),
+        score=item.get("score"),
+    )

gitosintx/models.py

@@ -0,0 +1,62 @@
+from __future__ import annotations
+
+from dataclasses import asdict, dataclass, field
+from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional
+
+
+@dataclass
+class Finding:
+    target: str
+    normalized_domain: str
+    query: str
+    source_type: str
+    repo_full_name: str
+    repo_url: str
+    file_path: Optional[str] = None
+    file_url: Optional[str] = None
+    file_name: Optional[str] = None
+    sha: Optional[str] = None
+    language: Optional[str] = None
+    repo_description: Optional[str] = None
+    repo_stars: Optional[int] = None
+    repo_forks: Optional[int] = None
+    repo_updated_at: Optional[str] = None
+    matched_fragments: List[str] = field(default_factory=list)
+    tags: List[str] = field(default_factory=list)
+    score: Optional[float] = None
+
+    def key(self) -> str:
+        return "|".join(
+            [
+                self.source_type or "",
+                self.repo_full_name or "",
+                self.file_path or "",
+                self.file_url or "",
+                self.normalized_domain or "",
+            ]
+        )
+
+    def to_dict(self) -> Dict[str, Any]:
+        return asdict(self)
+
+
+@dataclass
+class ScanSummary:
+    tool: str
+    version: str
+    started_at: str
+    finished_at: str
+    targets: List[str]
+    normalized_domains: List[str]
+    queries_executed: int
+    findings_count: int
+    unique_repositories: int
+    notes: List[str] = field(default_factory=list)
+
+    @staticmethod
+    def now_iso() -> str:
+        return datetime.now(timezone.utc).replace(microsecond=0).isoformat()
+
+    def to_dict(self) -> Dict[str, Any]:
+        return asdict(self)

gitosintx/report.py

@@ -0,0 +1,157 @@
+from __future__ import annotations
+
+import html
+import json
+from pathlib import Path
+from typing import Iterable, List
+
+from .models import Finding, ScanSummary
+
+
+def write_json_report(path: str, summary: ScanSummary, findings: Iterable[Finding]) -> None:
+    output = {
+        "summary": summary.to_dict(),
+        "findings": [finding.to_dict() for finding in findings],
+    }
+    Path(path).write_text(json.dumps(output, indent=2, ensure_ascii=False), encoding="utf-8")
+
+
+def _badge(tag: str) -> str:
+    return f'<span class="badge">{html.escape(tag)}</span>'
+
+
+def _safe(value: object) -> str:
+    if value is None:
+        return ""
+    return html.escape(str(value))
+
+
+def write_html_report(path: str, summary: ScanSummary, findings: List[Finding]) -> None:
+    repo_count = summary.unique_repositories
+    rows = []
+    for finding in findings:
+        fragments = "\n---\n".join(finding.matched_fragments[:3])
+        file_cell = (
+            f'<a href="{_safe(finding.file_url)}" target="_blank" rel="noreferrer">{_safe(finding.file_path)}</a>'
+            if finding.file_url and finding.file_path
+            else _safe(finding.file_path or "-")
+        )
+        repo_cell = (
+            f'<a href="{_safe(finding.repo_url)}" target="_blank" rel="noreferrer">{_safe(finding.repo_full_name)}</a>'
+            if finding.repo_url
+            else _safe(finding.repo_full_name)
+        )
+        rows.append(
+            f"""
+            <tr>
+              <td>{_safe(finding.source_type)}</td>
+              <td>{repo_cell}<div class="muted">{_safe(finding.language or '')}</div></td>
+              <td>{file_cell}</td>
+              <td>{''.join(_badge(tag) for tag in finding.tags) or '<span class="muted">none</span>'}</td>
+              <td><code>{_safe(finding.query)}</code></td>
+              <td><pre>{_safe(fragments)}</pre></td>
+            </tr>
+            """
+        )
+
+    notes = "".join(f"<li>{_safe(note)}</li>" for note in summary.notes)
+    targets = "".join(f"<span class='pill'>{_safe(target)}</span>" for target in summary.normalized_domains)
+
+    document = f"""<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>GitOSINTX Report</title>
+  <style>
+    :root {{
+      --bg: #0b1020;
+      --panel: #111935;
+      --panel2: #151f40;
+      --text: #eef2ff;
+      --muted: #aab4d4;
+      --accent: #7dd3fc;
+      --line: #273456;
+      --badge: #23345f;
+      --danger: #fda4af;
+    }}
+    * {{ box-sizing: border-box; }}
+    body {{
+      margin: 0;
+      font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      background: radial-gradient(circle at top left, #1e3a8a 0, transparent 35%), var(--bg);
+      color: var(--text);
+    }}
+    header {{ padding: 42px 34px 22px; border-bottom: 1px solid var(--line); }}
+    h1 {{ margin: 0; font-size: 42px; letter-spacing: -0.04em; }}
+    h2 {{ margin-top: 32px; }}
+    a {{ color: var(--accent); text-decoration: none; }}
+    a:hover {{ text-decoration: underline; }}
+    .subtitle {{ color: var(--muted); margin-top: 8px; }}
+    .brand {{ color: var(--accent); font-weight: 700; }}
+    main {{ padding: 28px 34px 54px; }}
+    .grid {{ display: grid; grid-template-columns: repeat(4, minmax(0, 1fr)); gap: 16px; }}
+    .card {{ background: rgba(17, 25, 53, 0.88); border: 1px solid var(--line); border-radius: 18px; padding: 18px; box-shadow: 0 18px 40px rgba(0,0,0,.22); }}
+    .metric {{ font-size: 32px; font-weight: 800; }}
+    .label {{ color: var(--muted); font-size: 13px; margin-top: 4px; }}
+    .pill, .badge {{ display: inline-block; margin: 3px 5px 3px 0; padding: 5px 9px; border-radius: 999px; background: var(--badge); color: var(--text); font-size: 12px; border: 1px solid var(--line); }}
+    .badge {{ color: var(--accent); }}
+    .muted {{ color: var(--muted); font-size: 12px; margin-top: 4px; }}
+    table {{ width: 100%; border-collapse: collapse; margin-top: 18px; overflow: hidden; border-radius: 16px; }}
+    th, td {{ text-align: left; vertical-align: top; padding: 13px; border-bottom: 1px solid var(--line); }}
+    th {{ color: var(--muted); font-size: 12px; text-transform: uppercase; letter-spacing: .08em; background: var(--panel2); }}
+    td {{ background: rgba(17, 25, 53, 0.76); font-size: 14px; }}
+    code {{ color: #bae6fd; white-space: pre-wrap; overflow-wrap: anywhere; }}
+    pre {{ max-width: 520px; max-height: 220px; overflow: auto; padding: 10px; border-radius: 12px; background: #070b16; color: #dbeafe; border: 1px solid var(--line); white-space: pre-wrap; overflow-wrap: anywhere; }}
+    .notes {{ color: var(--muted); }}
+    footer {{ padding: 20px 34px; border-top: 1px solid var(--line); color: var(--muted); }}
+    @media (max-width: 980px) {{ .grid {{ grid-template-columns: repeat(2, 1fr); }} table {{ display: block; overflow-x: auto; }} }}
+    @media (max-width: 640px) {{ .grid {{ grid-template-columns: 1fr; }} header, main, footer {{ padding-left: 18px; padding-right: 18px; }} h1 {{ font-size: 34px; }} }}
+  </style>
+</head>
+<body>
+  <header>
+    <h1>GitOSINTX Report</h1>
+    <div class="subtitle">GitHub Domain & URL Mention Enumerator</div>
+    <div class="subtitle">Developed by <span class="brand">Harith Dilshan</span> | h4rithd.com</div>
+  </header>
+  <main>
+    <section class="grid">
+      <div class="card"><div class="metric">{summary.findings_count}</div><div class="label">Findings</div></div>
+      <div class="card"><div class="metric">{repo_count}</div><div class="label">Unique repositories</div></div>
+      <div class="card"><div class="metric">{summary.queries_executed}</div><div class="label">Queries executed</div></div>
+      <div class="card"><div class="metric">{len(summary.normalized_domains)}</div><div class="label">Domains searched</div></div>
+    </section>
+
+    <section class="card" style="margin-top: 18px;">
+      <strong>Targets</strong><br>
+      {targets}
+    </section>
+
+    <h2>Findings</h2>
+    <table>
+      <thead>
+        <tr>
+          <th>Type</th>
+          <th>Repository</th>
+          <th>File</th>
+          <th>Tags</th>
+          <th>Query</th>
+          <th>Matched fragment</th>
+        </tr>
+      </thead>
+      <tbody>
+        {''.join(rows) if rows else '<tr><td colspan="6">No findings.</td></tr>'}
+      </tbody>
+    </table>
+
+    <h2>Notes</h2>
+    <ul class="notes">{notes}</ul>
+  </main>
+  <footer>
+    Generated by GitOSINTX. Review findings manually before submitting security reports. Never use discovered credentials.
+  </footer>
+</body>
+</html>
+"""
+    Path(path).write_text(document, encoding="utf-8")

gitosintx/utils.py

@@ -0,0 +1,207 @@
+from __future__ import annotations
+
+import re
+from pathlib import Path
+from typing import Iterable, List, Sequence
+from urllib.parse import urlparse
+
+DOMAIN_RE = re.compile(
+    r"^(?=.{1,253}$)(?!-)(?:[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$"
+)
+
+SENSITIVE_WORDS = {
+    "password",
+    "passwd",
+    "pwd",
+    "secret",
+    "token",
+    "api_key",
+    "apikey",
+    "client_secret",
+    "access_key",
+    "private_key",
+    "credential",
+    "credentials",
+    "bearer",
+    "jwt",
+    "authorization",
+    "auth",
+    "session",
+    "cookie",
+    "db_password",
+    "database_url",
+}
+
+CONFIG_EXTENSIONS = {
+    ".env",
+    ".yml",
+    ".yaml",
+    ".json",
+    ".xml",
+    ".ini",
+    ".conf",
+    ".config",
+    ".properties",
+    ".toml",
+    ".tf",
+    ".tfvars",
+}
+
+CICD_MARKERS = {
+    ".github/workflows",
+    ".gitlab-ci.yml",
+    "jenkinsfile",
+    "circleci",
+    "azure-pipelines",
+    "bitbucket-pipelines",
+    "dockerfile",
+    "docker-compose",
+}
+
+
+def normalize_domain(value: str) -> str:
+    """Normalize URL/domain input into a bare lowercase domain.
+
+    Examples:
+        https://www.example.com/path -> www.example.com
+        http://example.com:443 -> example.com
+        example.com/login -> example.com
+    """
+    raw = (value or "").strip()
+    if not raw:
+        raise ValueError("empty domain/url input")
+
+    if "://" not in raw:
+        parsed = urlparse("//" + raw, scheme="http")
+    else:
+        parsed = urlparse(raw)
+
+    host = parsed.hostname
+    if not host:
+        # Handles odd values where urlparse cannot infer netloc.
+        host = raw.split("/")[0].split(":")[0]
+
+    host = host.strip().strip(".").lower()
+    if host.startswith("*."):
+        host = host[2:]
+
+    try:
+        host = host.encode("idna").decode("ascii")
+    except UnicodeError as exc:
+        raise ValueError(f"invalid internationalized domain: {value}") from exc
+
+    if not DOMAIN_RE.match(host):
+        raise ValueError(f"invalid domain/url input: {value}")
+    return host
+
+
+def read_targets(single_url: str | None, list_path: str | None) -> List[str]:
+    values: List[str] = []
+    if single_url:
+        values.append(single_url)
+    if list_path:
+        path = Path(list_path).expanduser()
+        if not path.exists():
+            raise FileNotFoundError(f"target list does not exist: {path}")
+        for line in path.read_text(encoding="utf-8", errors="ignore").splitlines():
+            item = line.strip()
+            if not item or item.startswith("#"):
+                continue
+            values.append(item)
+    if not values:
+        raise ValueError("provide -u/--url or -list/--list")
+    return dedupe_preserve_order(values)
+
+
+def dedupe_preserve_order(values: Iterable[str]) -> List[str]:
+    seen = set()
+    output = []
+    for value in values:
+        if value not in seen:
+            seen.add(value)
+            output.append(value)
+    return output
+
+
+def build_domain_variants(domain: str) -> List[str]:
+    variants = [domain]
+    if domain.startswith("www."):
+        variants.append(domain[4:])
+    else:
+        variants.append(f"www.{domain}")
+    return dedupe_preserve_order(variants)
+
+
+def build_code_queries(domain: str, deep: bool = False, include_email: bool = True) -> List[str]:
+    variants = build_domain_variants(domain)
+    queries: List[str] = []
+
+    for host in variants:
+        queries.extend(
+            [
+                f'"{host}" in:file',
+                f'"https://{host}" in:file',
+                f'"http://{host}" in:file',
+                f'"//{host}" in:file',
+                f'"{host}" in:path',
+            ]
+        )
+        if include_email:
+            queries.append(f'"@{host}" in:file')
+
+        if deep:
+            queries.extend(
+                [
+                    f'"{host}" extension:env',
+                    f'"{host}" extension:yml',
+                    f'"{host}" extension:yaml',
+                    f'"{host}" extension:json',
+                    f'"{host}" extension:js',
+                    f'"{host}" extension:ts',
+                    f'"{host}" extension:properties',
+                    f'"{host}" extension:xml',
+                    f'"{host}" filename:Dockerfile',
+                    f'"{host}" filename:docker-compose.yml',
+                    f'"{host}" filename:Jenkinsfile',
+                ]
+            )
+
+    return dedupe_preserve_order(queries)
+
+
+def build_repository_queries(domain: str) -> List[str]:
+    parts = domain.split(".")
+    brand = parts[-3] if len(parts) >= 3 and parts[-2] in {"co", "com", "net", "org"} else parts[-2]
+    candidates = [domain, brand]
+    if domain.startswith("www."):
+        candidates.append(domain[4:])
+    return dedupe_preserve_order(
+        [
+            f'"{candidate}" in:name,description,readme'
+            for candidate in candidates
+            if candidate and len(candidate) > 2
+        ]
+    )
+
+
+def classify_finding(path: str | None, fragments: Sequence[str] | None, file_url: str | None = None) -> List[str]:
+    haystack = " ".join([path or "", file_url or "", " ".join(fragments or [])]).lower()
+    tags = []
+
+    if any(word in haystack for word in SENSITIVE_WORDS):
+        tags.append("sensitive-keyword")
+
+    lower_path = (path or "").lower()
+    if any(lower_path.endswith(ext) or ext in lower_path for ext in CONFIG_EXTENSIONS):
+        tags.append("config-file")
+
+    if any(marker in lower_path for marker in CICD_MARKERS):
+        tags.append("cicd-devops")
+
+    if "http://" in haystack or "https://" in haystack or "//" in haystack:
+        tags.append("url-reference")
+
+    if "@" in haystack:
+        tags.append("email-reference")
+
+    return dedupe_preserve_order(tags)

gitosintx-0.1.0.dist-info/METADATA

@@ -0,0 +1,165 @@
+Metadata-Version: 2.4
+Name: gitosintx
+Version: 0.1.0
+Summary: GitHub OSINT tool for finding public repository mentions of domains and URLs.
+Author: Harith Dilshan
+License-Expression: MIT
+Project-URL: Homepage, https://h4rithd.com
+Project-URL: Repository, https://github.com/h4rithd/GitOSINTX
+Project-URL: Issues, https://github.com/h4rithd/GitOSINTX/issues
+Keywords: osint,github-osint,bug-bounty,domain-recon,github-search,security-research
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP :: Indexing/Search
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31.0
+Dynamic: license-file
+
+# GitOSINTX
+
+**GitOSINTX** is a GitHub OSINT command-line tool for finding public repository mentions of domains, URLs, and email-style references.
+
+```text
+   ______ _ __  ____  _____ _____   _______  ______
+  / ____/(_) /_/ __ \/ ___//  _/ | / /_  __/ |/ /  |
+ / / __/ / __/ / / /\__ \ / //  |/ / / /  |   / /| |
+/ /_/ / / /_/ /_/ /___/ // // /|  / / /  /   | ___ |
+\____/_/\__/\____//____/___/_/ |_/ /_/  /_/|_|/  |_|
+
+ GitOSINTX - GitHub Domain & URL Mention Enumerator
+ Developed by Harith Dilshan | h4rithd.com
+```
+
+## What it does
+
+GitOSINTX accepts a domain or URL, normalizes it into a bare domain, generates multiple GitHub Search API queries, deduplicates results, classifies risky-looking references, and exports a clean JSON or HTML report.
+
+It is useful for:
+
+- Bug bounty passive recon
+- Public code exposure discovery
+- Domain and URL mention enumeration
+- Finding hardcoded API endpoints in public repositories
+- Identifying config, CI/CD, and sensitive-keyword references
+
+## What it does **not** do
+
+GitOSINTX does not bypass GitHub limits, scrape private repositories, validate leaked credentials, or exploit anything. It only queries public GitHub data available to your GitHub API access level.
+
+## Install
+
+From PyPI after publication:
+
+```bash
+pip install gitosintx
+```
+
+For local development:
+
+```bash
+git clone https://github.com/h4rithd/GitOSINTX
+cd GitOSINTX
+python3 -m pip install -e .
+```
+
+## GitHub token
+
+Authenticated GitHub requests are strongly recommended.
+
+```bash
+export GITHUB_TOKEN='ghp_xxxxxxxxxxxxxxxxxxxx'
+```
+
+Avoid passing tokens directly on the command line because shell history may store them.
+
+## Usage
+
+Search a single domain or URL and export HTML:
+
+```bash
+gitosintx -u https://h4rithd.com -o html --out h4rithd-github-osint.html
+```
+
+Search a single domain and export JSON:
+
+```bash
+gitosintx -u h4rithd.com -o json --out h4rithd-github-osint.json
+```
+
+Search a list of domains/URLs:
+
+```bash
+gitosintx -list examples/domains.txt -o html --out multi-domain-report.html
+```
+
+Run deeper extension/config-focused queries:
+
+```bash
+gitosintx -u h4rithd.com --deep -o html --out deep-report.html
+```
+
+Be friendlier to GitHub rate limits:
+
+```bash
+gitosintx -u h4rithd.com --max-pages 1 --sleep 2 --wait-rate-limit
+```
+
+Show help:
+
+```bash
+gitosintx -h
+```
+
+## CLI options
+
+```text
+-u, --url              Single target domain or URL
+-list, --list          File containing domains/URLs, one per line
+-o, --output           Output format: html or json
+--out                  Output report path
+--token                GitHub token; prefer GITHUB_TOKEN env var
+--max-pages            Maximum GitHub result pages per query
+--per-page             Results per GitHub API page, max 100
+--sleep                Delay between paginated requests
+--wait-rate-limit      Sleep and continue when rate limited
+--deep                 Run additional config/extension-focused queries
+--no-repo-search       Disable repository metadata search
+--no-email-query       Disable @domain query
+--include-forks        Include forks in repository search where supported
+--quiet                Suppress banner/progress output
+-v, --verbose          Print query progress to stderr
+--version              Print version
+-h, --help             Show help
+```
+
+## Output tags
+
+GitOSINTX applies simple triage tags to help prioritize manual review:
+
+| Tag | Meaning |
+| --- | --- |
+| `sensitive-keyword` | Match appears near words like token, secret, password, api_key, private_key, etc. |
+| `config-file` | Match appears in config-style files such as `.env`, `.yml`, `.json`, `.properties`, `.tfvars`, etc. |
+| `cicd-devops` | Match appears in CI/CD or deployment files such as GitHub Actions, Dockerfile, Jenkinsfile, etc. |
+| `url-reference` | Match contains URL-style syntax. |
+| `email-reference` | Match contains email-style syntax. |
+
+## Responsible use
+
+Do not use discovered credentials. Do not validate tokens. Do not access systems without explicit authorization. For bug bounty, preserve evidence: repository, file path, commit/hash when available, matched snippet, exposure type, and remediation recommendation.
+
+## License
+
+MIT License.

gitosintx-0.1.0.dist-info/RECORD

@@ -0,0 +1,14 @@
+gitosintx/__init__.py,sha256=S_wG0eaO2wpE4YM4Nu3HaBE61B4DlgUNJwNA5UT4Z5U,111
+gitosintx/__main__.py,sha256=MHKZ_ae3fSLGTLUUMOx15fWdeOnJSHhq-zslRP5F5Lc,79
+gitosintx/banner.py,sha256=Jz0XQksBL1m0R7THq81FwZOVYkdsKNsvB2I2FqSJELs,378
+gitosintx/cli.py,sha256=WiiV6oBUkYyReWLIAcqNFi86uBYs90MAKMu0J16EL2o,8810
+gitosintx/github.py,sha256=PzOOFXmEE3LdLYb3YTHsSRUy3nTosITSEMN02eLs_aQ,7045
+gitosintx/models.py,sha256=SNb8chEhY-O62FFRrHF-mgxGX2n7w4fOJL7c5GZv4d0,1644
+gitosintx/report.py,sha256=YC4KUJVg7Xt4yOm_oxfJ8g3UfGk4t9bVHwAL3P2WEGo,6659
+gitosintx/utils.py,sha256=Yn8qOfjpCkDgvj-BTWI7K-AWwwFRZVN23BraZMUtvUI,5670
+gitosintx-0.1.0.dist-info/licenses/LICENSE,sha256=qopjeV5v847ZI8oileUZ_xRaSY5YVDv439ZB3XCf6qI,1071
+gitosintx-0.1.0.dist-info/METADATA,sha256=H_5afMiUZadw94CFVeTqQz2xuZcdavPPNj87fN1E7Zg,5374
+gitosintx-0.1.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+gitosintx-0.1.0.dist-info/entry_points.txt,sha256=qvWSrkvY4Mbu99XImHu4ash3LeDxe3KoDG0fUeGDQK8,49
+gitosintx-0.1.0.dist-info/top_level.txt,sha256=VCA15sWsYEzXTdOYN_HYTcthdxc0MGxHEtb1ouGZqb0,10
+gitosintx-0.1.0.dist-info/RECORD,,

gitosintx-0.1.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

gitosintx-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+gitosintx = gitosintx.cli:main

gitosintx-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Harith Dilshan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

gitosintx-0.1.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+gitosintx