gitosintx 0.1.0__tar.gz

gitosintx-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Harith Dilshan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

gitosintx-0.1.0/MANIFEST.in

@@ -0,0 +1,3 @@
+include README.md
+include LICENSE
+recursive-include examples *.txt

gitosintx-0.1.0/PKG-INFO

@@ -0,0 +1,165 @@
+Metadata-Version: 2.4
+Name: gitosintx
+Version: 0.1.0
+Summary: GitHub OSINT tool for finding public repository mentions of domains and URLs.
+Author: Harith Dilshan
+License-Expression: MIT
+Project-URL: Homepage, https://h4rithd.com
+Project-URL: Repository, https://github.com/h4rithd/GitOSINTX
+Project-URL: Issues, https://github.com/h4rithd/GitOSINTX/issues
+Keywords: osint,github-osint,bug-bounty,domain-recon,github-search,security-research
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP :: Indexing/Search
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31.0
+Dynamic: license-file
+
+# GitOSINTX
+
+**GitOSINTX** is a GitHub OSINT command-line tool for finding public repository mentions of domains, URLs, and email-style references.
+
+```text
+   ______ _ __  ____  _____ _____   _______  ______
+  / ____/(_) /_/ __ \/ ___//  _/ | / /_  __/ |/ /  |
+ / / __/ / __/ / / /\__ \ / //  |/ / / /  |   / /| |
+/ /_/ / / /_/ /_/ /___/ // // /|  / / /  /   | ___ |
+\____/_/\__/\____//____/___/_/ |_/ /_/  /_/|_|/  |_|
+
+ GitOSINTX - GitHub Domain & URL Mention Enumerator
+ Developed by Harith Dilshan | h4rithd.com
+```
+
+## What it does
+
+GitOSINTX accepts a domain or URL, normalizes it into a bare domain, generates multiple GitHub Search API queries, deduplicates results, classifies risky-looking references, and exports a clean JSON or HTML report.
+
+It is useful for:
+
+- Bug bounty passive recon
+- Public code exposure discovery
+- Domain and URL mention enumeration
+- Finding hardcoded API endpoints in public repositories
+- Identifying config, CI/CD, and sensitive-keyword references
+
+## What it does **not** do
+
+GitOSINTX does not bypass GitHub limits, scrape private repositories, validate leaked credentials, or exploit anything. It only queries public GitHub data available to your GitHub API access level.
+
+## Install
+
+From PyPI after publication:
+
+```bash
+pip install gitosintx
+```
+
+For local development:
+
+```bash
+git clone https://github.com/h4rithd/GitOSINTX
+cd GitOSINTX
+python3 -m pip install -e .
+```
+
+## GitHub token
+
+Authenticated GitHub requests are strongly recommended.
+
+```bash
+export GITHUB_TOKEN='ghp_xxxxxxxxxxxxxxxxxxxx'
+```
+
+Avoid passing tokens directly on the command line because shell history may store them.
+
+## Usage
+
+Search a single domain or URL and export HTML:
+
+```bash
+gitosintx -u https://h4rithd.com -o html --out h4rithd-github-osint.html
+```
+
+Search a single domain and export JSON:
+
+```bash
+gitosintx -u h4rithd.com -o json --out h4rithd-github-osint.json
+```
+
+Search a list of domains/URLs:
+
+```bash
+gitosintx -list examples/domains.txt -o html --out multi-domain-report.html
+```
+
+Run deeper extension/config-focused queries:
+
+```bash
+gitosintx -u h4rithd.com --deep -o html --out deep-report.html
+```
+
+Be friendlier to GitHub rate limits:
+
+```bash
+gitosintx -u h4rithd.com --max-pages 1 --sleep 2 --wait-rate-limit
+```
+
+Show help:
+
+```bash
+gitosintx -h
+```
+
+## CLI options
+
+```text
+-u, --url              Single target domain or URL
+-list, --list          File containing domains/URLs, one per line
+-o, --output           Output format: html or json
+--out                  Output report path
+--token                GitHub token; prefer GITHUB_TOKEN env var
+--max-pages            Maximum GitHub result pages per query
+--per-page             Results per GitHub API page, max 100
+--sleep                Delay between paginated requests
+--wait-rate-limit      Sleep and continue when rate limited
+--deep                 Run additional config/extension-focused queries
+--no-repo-search       Disable repository metadata search
+--no-email-query       Disable @domain query
+--include-forks        Include forks in repository search where supported
+--quiet                Suppress banner/progress output
+-v, --verbose          Print query progress to stderr
+--version              Print version
+-h, --help             Show help
+```
+
+## Output tags
+
+GitOSINTX applies simple triage tags to help prioritize manual review:
+
+| Tag | Meaning |
+| --- | --- |
+| `sensitive-keyword` | Match appears near words like token, secret, password, api_key, private_key, etc. |
+| `config-file` | Match appears in config-style files such as `.env`, `.yml`, `.json`, `.properties`, `.tfvars`, etc. |
+| `cicd-devops` | Match appears in CI/CD or deployment files such as GitHub Actions, Dockerfile, Jenkinsfile, etc. |
+| `url-reference` | Match contains URL-style syntax. |
+| `email-reference` | Match contains email-style syntax. |
+
+## Responsible use
+
+Do not use discovered credentials. Do not validate tokens. Do not access systems without explicit authorization. For bug bounty, preserve evidence: repository, file path, commit/hash when available, matched snippet, exposure type, and remediation recommendation.
+
+## License
+
+MIT License.

gitosintx-0.1.0/README.md

@@ -0,0 +1,136 @@
+# GitOSINTX
+
+**GitOSINTX** is a GitHub OSINT command-line tool for finding public repository mentions of domains, URLs, and email-style references.
+
+```text
+   ______ _ __  ____  _____ _____   _______  ______
+  / ____/(_) /_/ __ \/ ___//  _/ | / /_  __/ |/ /  |
+ / / __/ / __/ / / /\__ \ / //  |/ / / /  |   / /| |
+/ /_/ / / /_/ /_/ /___/ // // /|  / / /  /   | ___ |
+\____/_/\__/\____//____/___/_/ |_/ /_/  /_/|_|/  |_|
+
+ GitOSINTX - GitHub Domain & URL Mention Enumerator
+ Developed by Harith Dilshan | h4rithd.com
+```
+
+## What it does
+
+GitOSINTX accepts a domain or URL, normalizes it into a bare domain, generates multiple GitHub Search API queries, deduplicates results, classifies risky-looking references, and exports a clean JSON or HTML report.
+
+It is useful for:
+
+- Bug bounty passive recon
+- Public code exposure discovery
+- Domain and URL mention enumeration
+- Finding hardcoded API endpoints in public repositories
+- Identifying config, CI/CD, and sensitive-keyword references
+
+## What it does **not** do
+
+GitOSINTX does not bypass GitHub limits, scrape private repositories, validate leaked credentials, or exploit anything. It only queries public GitHub data available to your GitHub API access level.
+
+## Install
+
+From PyPI after publication:
+
+```bash
+pip install gitosintx
+```
+
+For local development:
+
+```bash
+git clone https://github.com/h4rithd/GitOSINTX
+cd GitOSINTX
+python3 -m pip install -e .
+```
+
+## GitHub token
+
+Authenticated GitHub requests are strongly recommended.
+
+```bash
+export GITHUB_TOKEN='ghp_xxxxxxxxxxxxxxxxxxxx'
+```
+
+Avoid passing tokens directly on the command line because shell history may store them.
+
+## Usage
+
+Search a single domain or URL and export HTML:
+
+```bash
+gitosintx -u https://h4rithd.com -o html --out h4rithd-github-osint.html
+```
+
+Search a single domain and export JSON:
+
+```bash
+gitosintx -u h4rithd.com -o json --out h4rithd-github-osint.json
+```
+
+Search a list of domains/URLs:
+
+```bash
+gitosintx -list examples/domains.txt -o html --out multi-domain-report.html
+```
+
+Run deeper extension/config-focused queries:
+
+```bash
+gitosintx -u h4rithd.com --deep -o html --out deep-report.html
+```
+
+Be friendlier to GitHub rate limits:
+
+```bash
+gitosintx -u h4rithd.com --max-pages 1 --sleep 2 --wait-rate-limit
+```
+
+Show help:
+
+```bash
+gitosintx -h
+```
+
+## CLI options
+
+```text
+-u, --url              Single target domain or URL
+-list, --list          File containing domains/URLs, one per line
+-o, --output           Output format: html or json
+--out                  Output report path
+--token                GitHub token; prefer GITHUB_TOKEN env var
+--max-pages            Maximum GitHub result pages per query
+--per-page             Results per GitHub API page, max 100
+--sleep                Delay between paginated requests
+--wait-rate-limit      Sleep and continue when rate limited
+--deep                 Run additional config/extension-focused queries
+--no-repo-search       Disable repository metadata search
+--no-email-query       Disable @domain query
+--include-forks        Include forks in repository search where supported
+--quiet                Suppress banner/progress output
+-v, --verbose          Print query progress to stderr
+--version              Print version
+-h, --help             Show help
+```
+
+## Output tags
+
+GitOSINTX applies simple triage tags to help prioritize manual review:
+
+| Tag | Meaning |
+| --- | --- |
+| `sensitive-keyword` | Match appears near words like token, secret, password, api_key, private_key, etc. |
+| `config-file` | Match appears in config-style files such as `.env`, `.yml`, `.json`, `.properties`, `.tfvars`, etc. |
+| `cicd-devops` | Match appears in CI/CD or deployment files such as GitHub Actions, Dockerfile, Jenkinsfile, etc. |
+| `url-reference` | Match contains URL-style syntax. |
+| `email-reference` | Match contains email-style syntax. |
+
+## Responsible use
+
+Do not use discovered credentials. Do not validate tokens. Do not access systems without explicit authorization. For bug bounty, preserve evidence: repository, file path, commit/hash when available, matched snippet, exposure type, and remediation recommendation.
+
+## License
+
+MIT License.

gitosintx-0.1.0/examples/domains.txt

@@ -0,0 +1,3 @@
+https://example.com
+http://example.org
+subdomain.example.net

gitosintx-0.1.0/pyproject.toml

@@ -0,0 +1,51 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "gitosintx"
+version = "0.1.0"
+description = "GitHub OSINT tool for finding public repository mentions of domains and URLs."
+readme = "README.md"
+requires-python = ">=3.9"
+license = "MIT"
+authors = [
+  { name = "Harith Dilshan" }
+]
+keywords = [
+  "osint",
+  "github-osint",
+  "bug-bounty",
+  "domain-recon",
+  "github-search",
+  "security-research"
+]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Environment :: Console",
+  "Intended Audience :: Information Technology",
+  "Intended Audience :: System Administrators",
+  "Operating System :: OS Independent",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
+  "Topic :: Security",
+  "Topic :: Internet :: WWW/HTTP :: Indexing/Search"
+]
+dependencies = [
+  "requests>=2.31.0"
+]
+
+[project.urls]
+Homepage = "https://h4rithd.com"
+Repository = "https://github.com/h4rithd/GitOSINTX"
+Issues = "https://github.com/h4rithd/GitOSINTX/issues"
+
+[project.scripts]
+gitosintx = "gitosintx.cli:main"
+
+[tool.setuptools.packages.find]
+where = ["src"]

gitosintx-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

gitosintx-0.1.0/src/gitosintx/__init__.py

@@ -0,0 +1,4 @@
+"""GitOSINTX - GitHub OSINT domain mention enumerator."""
+
+__version__ = "0.1.0"
+__author__ = "Harith Dilshan"

gitosintx-0.1.0/src/gitosintx/__main__.py

@@ -0,0 +1,4 @@
+from .cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

gitosintx-0.1.0/src/gitosintx/banner.py

@@ -0,0 +1,10 @@
+BANNER = r"""
+   ______ _ __  ____  _____ _____   _______  ______
+  / ____/(_) /_/ __ \/ ___//  _/ | / /_  __/ |/ /  |
+ / / __/ / __/ / / /\__ \ / //  |/ / / /  |   / /| |
+/ /_/ / / /_/ /_/ /___/ // // /|  / / /  /   | ___ |
+\____/_/\__/\____//____/___/_/ |_/ /_/  /_/|_|/  |_|
+
+ GitOSINTX - GitHub Domain & URL Mention Enumerator
+ Developed by Harith Dilshan | h4rithd.com
+"""

gitosintx-0.1.0/src/gitosintx/cli.py

@@ -0,0 +1,262 @@
+from __future__ import annotations
+
+import argparse
+import os
+import sys
+from pathlib import Path
+from typing import Dict, List, Tuple
+
+from . import __version__
+from .banner import BANNER
+from .github import GitHubAPIError, GitHubClient, code_item_to_finding, repo_item_to_finding
+from .models import Finding, ScanSummary
+from .report import write_html_report, write_json_report
+from .utils import (
+    build_code_queries,
+    build_repository_queries,
+    dedupe_preserve_order,
+    normalize_domain,
+    read_targets,
+)
+
+
+DEFAULT_NOTES = [
+    "GitOSINTX uses the official GitHub REST Search API and only queries public GitHub data available to the authenticated user.",
+    "GitHub search is rate-limited and capped; results are broad OSINT evidence, not a guarantee of full GitHub coverage.",
+    "Do not use, validate, or abuse exposed credentials. Preserve location evidence and report responsibly through the correct program channel.",
+]
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="gitosintx",
+        description="GitOSINTX - find public GitHub repository mentions of domains and URLs.",
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+    )
+    target_group = parser.add_mutually_exclusive_group(required=True)
+    target_group.add_argument(
+        "-u",
+        "--url",
+        dest="url",
+        help="Single target domain or URL, e.g. https://h4rithd.com, http://h4rithd.com, or h4rithd.com",
+    )
+    target_group.add_argument(
+        "-list",
+        "--list",
+        dest="list_path",
+        help="File containing domains/URLs, one per line. Blank lines and # comments are ignored.",
+    )
+
+    parser.add_argument(
+        "-o",
+        "--output",
+        choices=["json", "html"],
+        default="html",
+        help="Report output format.",
+    )
+    parser.add_argument(
+        "--out",
+        dest="out_file",
+        help="Output report file path. Defaults to gitosintx-report.html or gitosintx-report.json.",
+    )
+    parser.add_argument(
+        "--token",
+        help="GitHub token. Prefer setting GITHUB_TOKEN instead of passing tokens on the command line.",
+    )
+    parser.add_argument(
+        "--max-pages",
+        type=int,
+        default=2,
+        help="Maximum GitHub result pages per query. GitHub allows up to 100 results per page.",
+    )
+    parser.add_argument(
+        "--per-page",
+        type=int,
+        default=50,
+        help="Results per GitHub API page. Maximum is 100.",
+    )
+    parser.add_argument(
+        "--sleep",
+        type=float,
+        default=1.0,
+        help="Delay in seconds between paginated API requests.",
+    )
+    parser.add_argument(
+        "--wait-rate-limit",
+        action="store_true",
+        help="Sleep and resume when GitHub primary/secondary rate limits are detected.",
+    )
+    parser.add_argument(
+        "--deep",
+        action="store_true",
+        help="Run additional extension/CI/config-focused queries. Slower and more rate-limit heavy.",
+    )
+    parser.add_argument(
+        "--no-repo-search",
+        action="store_true",
+        help="Disable repository metadata search and only run code search.",
+    )
+    parser.add_argument(
+        "--no-email-query",
+        action="store_true",
+        help="Do not search for @domain email-style mentions.",
+    )
+    parser.add_argument(
+        "--include-forks",
+        action="store_true",
+        help="Append fork:true to repository search queries. Code search may still include fork behavior controlled by GitHub.",
+    )
+    parser.add_argument(
+        "--quiet",
+        action="store_true",
+        help="Suppress banner and progress output.",
+    )
+    parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        help="Print API query progress to stderr.",
+    )
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"GitOSINTX {__version__}",
+    )
+    return parser
+
+
+def _default_out_file(fmt: str) -> str:
+    return f"gitosintx-report.{fmt}"
+
+
+def _normalize_targets(raw_targets: List[str]) -> Tuple[List[str], Dict[str, str]]:
+    mapping: Dict[str, str] = {}
+    normalized: List[str] = []
+    for raw in raw_targets:
+        domain = normalize_domain(raw)
+        mapping[raw] = domain
+        normalized.append(domain)
+    return dedupe_preserve_order(normalized), mapping
+
+
+def run_scan(args: argparse.Namespace) -> Tuple[ScanSummary, List[Finding]]:
+    started_at = ScanSummary.now_iso()
+    raw_targets = read_targets(args.url, args.list_path)
+    domains, mapping = _normalize_targets(raw_targets)
+    token = args.token or os.getenv("GITHUB_TOKEN")
+
+    client = GitHubClient(
+        token=token,
+        per_page=args.per_page,
+        max_pages=args.max_pages,
+        sleep=args.sleep,
+        wait_rate_limit=args.wait_rate_limit,
+        verbose=args.verbose,
+    )
+
+    findings_by_key: Dict[str, Finding] = {}
+    queries_executed = 0
+
+    for original_target, domain in mapping.items():
+        code_queries = build_code_queries(
+            domain,
+            deep=args.deep,
+            include_email=not args.no_email_query,
+        )
+        for query in code_queries:
+            queries_executed += 1
+            for item in client.search_code(query):
+                finding = code_item_to_finding(
+                    target=original_target,
+                    normalized_domain=domain,
+                    query=query,
+                    item=item,
+                )
+                existing = findings_by_key.get(finding.key())
+                if existing:
+                    if query not in existing.query:
+                        existing.query = f"{existing.query} || {query}"
+                    for tag in finding.tags:
+                        if tag not in existing.tags:
+                            existing.tags.append(tag)
+                    for fragment in finding.matched_fragments:
+                        if fragment not in existing.matched_fragments:
+                            existing.matched_fragments.append(fragment)
+                else:
+                    findings_by_key[finding.key()] = finding
+
+        if not args.no_repo_search:
+            repo_queries = build_repository_queries(domain)
+            for query in repo_queries:
+                if args.include_forks:
+                    query = f"{query} fork:true"
+                queries_executed += 1
+                for item in client.search_repositories(query):
+                    finding = repo_item_to_finding(
+                        target=original_target,
+                        normalized_domain=domain,
+                        query=query,
+                        item=item,
+                    )
+                    findings_by_key.setdefault(finding.key(), finding)
+
+    findings = sorted(
+        findings_by_key.values(),
+        key=lambda f: (
+            0 if "sensitive-keyword" in f.tags else 1,
+            0 if "config-file" in f.tags else 1,
+            f.repo_full_name.lower(),
+            f.file_path or "",
+        ),
+    )
+    unique_repos = len({f.repo_full_name for f in findings if f.repo_full_name})
+    summary = ScanSummary(
+        tool="GitOSINTX",
+        version=__version__,
+        started_at=started_at,
+        finished_at=ScanSummary.now_iso(),
+        targets=raw_targets,
+        normalized_domains=domains,
+        queries_executed=queries_executed,
+        findings_count=len(findings),
+        unique_repositories=unique_repos,
+        notes=DEFAULT_NOTES.copy(),
+    )
+    if not token:
+        summary.notes.append(
+            "No GitHub token was provided. Authenticated searches are strongly recommended for reliability and higher rate limits."
+        )
+    return summary, findings
+
+
+def main(argv: List[str] | None = None) -> int:
+    parser = build_parser()
+    args = parser.parse_args(argv)
+
+    if not args.quiet:
+        print(BANNER)
+
+    out_file = args.out_file or _default_out_file(args.output)
+    try:
+        summary, findings = run_scan(args)
+        if args.output == "json":
+            write_json_report(out_file, summary, findings)
+        else:
+            write_html_report(out_file, summary, findings)
+    except (ValueError, FileNotFoundError, GitHubAPIError) as exc:
+        print(f"[!] {exc}", file=sys.stderr)
+        return 2
+    except KeyboardInterrupt:
+        print("\n[!] Interrupted by user.", file=sys.stderr)
+        return 130
+
+    if not args.quiet:
+        print(f"[+] Findings: {summary.findings_count}")
+        print(f"[+] Unique repositories: {summary.unique_repositories}")
+        print(f"[+] Queries executed: {summary.queries_executed}")
+        print(f"[+] Report written: {Path(out_file).resolve()}")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())