Doing OSINT, you can get good insights from GitHub repositories. In addition to the code itself there are plenty of useful information in the change history, which can be of value to an attacker.

So I decided to write a small tool which uses the GitHub API to get the email addresses from commits history of user/organisation repositories.

It can be operated with or without the GitHub API token.

How to:

git clone
cd github-osint
python vulnbe

If you reach the API request limit, then you have to use API tokens.