I was thinking about passive information gathering from GitHub repositories. In addition to information from code of repositories there is a information about history of changes which can be of value to the attacker.
So I decided to write a small tool which uses the GitHub API to get the email addresses from commits history of user/organisation repositories.
It can be operated with or without the GitHub API token.
How to:
git clone https://github.com/vulnbe/github-osint
cd github-osint
python github-osint.py vulnbe
If you reach the API request limit, then use token.