
# Enumerate and Attack Surface w Github

## Tips Search on Github

You need to be logged in to get the best results.

1. Navigate to GitHub search.
2. Search using a search qualifier on GitHub. Example qualifiers are listed further down this page.

## Useful Git Command

* `git show` -> Show details of the latest commit
* `git log` -> Show full commit history
* `git diff` -> Show unstaged changes
* `git log --graph --oneline --all` -> Show history with branch graph

Analysis with Github event API

It is possible to view the commit messages of commits that a developer or contributor overwrote with `--force`. You can see the commit through the GitHub events API, because GitHub events still store it (it hasn't been deleted). I experienced this when I was working with my college friends XD. You can also look at the GitHub forks: sometimes people don't update or sync their fork with the main repo. Checking the pull requests is another option.

Doc : <https://docs.github.com/en/rest/activity/events?apiVersion=2022-11-28>

Request Github forks

```
curl https://api.github.com/repos/OWNER/REPO/forks
```

Then

```
git log --all --oneline --graph
```

GitHub events API: check the commit SHAs recorded in a repo's events. This request needs authentication with your account. You can use curl or Postman to call the API.

Request

```
curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
  https://api.github.com/repos/OWNER/REPO/events
```

Response

```
{
  "type": "PushEvent",
  "payload": {
    "before": "OLD_SHA_BEFORE_FORCE",
    "head": "NEW_SHA_AFTER_FORCE"
  }
}
```

Description of the response body:

* `before` -> commit before the force-push
* `head` -> commit after the force-push

If you find a `before` value, it is the SHA of the commit from before the forced push, which was lost from the branch. You can use that SHA to view the commit data or even restore it.

View commit

```
curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
  https://api.github.com/repos/OWNER/REPO/commits/OLD_SHA_BEFORE_FORCE
```

The JSON response will provide:

* commit message
* author
* file diff
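As an added example (not part of the original page), the following Python sketch audits your own repository for commits that a force-push removed from every branch but that the events API still references. The function names `reachable_shas` and `overwritten_commits` and the sample events are constructed for illustration; it assumes a full (non-shallow) local clone.

```python
import subprocess

ZERO_SHA = "0" * 40  # git's null object id; it names no commit

# Constructed sample shaped like the /repos/OWNER/REPO/events response
# (a JSON array of events); every SHA here is made up.
SAMPLE_EVENTS = [
    {"type": "PushEvent", "created_at": "2025-01-01T09:00:00Z",
     "payload": {"ref": "refs/heads/dev", "before": ZERO_SHA, "head": "a" * 40}},
    {"type": "WatchEvent", "created_at": "2025-01-01T09:30:00Z", "payload": {}},
    {"type": "PushEvent", "created_at": "2025-01-02T10:00:00Z",
     "payload": {"ref": "refs/heads/main", "before": "c" * 40, "head": "b" * 40}},
    {"type": "PushEvent", "created_at": "2025-01-03T11:00:00Z",
     "payload": {"ref": "refs/heads/main", "before": "b" * 40, "head": "d" * 40}},
]


def reachable_shas(clone_dir):
    """Every commit SHA reachable from any ref in a full local clone."""
    out = subprocess.run(
        ["git", "-C", clone_dir, "rev-list", "--all"],
        check=True, capture_output=True, text=True,
    ).stdout
    return set(out.split())


def overwritten_commits(events, reachable):
    """PushEvents whose `before` commit is no longer on any ref of the clone.

    In a fresh, non-shallow clone that is what a force-push leaves behind:
    the old tip is still known to GitHub but no branch or tag points to it.
    """
    findings = []
    for event in events:
        if event.get("type") != "PushEvent":
            continue
        payload = event.get("payload") or {}
        before = payload.get("before")
        if not before or before == ZERO_SHA or before in reachable:
            continue
        findings.append({"ref": payload.get("ref"), "before": before,
                         "head": payload.get("head"),
                         "created_at": event.get("created_at")})
    return findings


if __name__ == "__main__":
    # Constructed stand-in for reachable_shas("path/to/clone").
    for hit in overwritten_commits(SAMPLE_EVENTS, {"a" * 40, "c" * 40, "d" * 40}):
        print(hit["created_at"], hit["ref"], "lost commit:", hit["before"])
```

Each reported `before` SHA can be inspected with the commit request shown above; treat any credential found in such a commit as exposed and rotate it.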

GitHub search operators and other metadata

Repository & Owner

> repo:owner/repo
>
> user:username
>
> org:orgname

File & Code

> filename:name
>
> path:path
>
> extension:ext
>
> language:lang

Text & Content

> in:name
>
> in:description
>
> in:readme
>
> in:file
>
> in:path

Issue & PR

> is:issue
>
> is:pr
>
> is:open / is:closed
>
> author:user
>
> assignee:user
>
> mentions:user
>
> commenter:user
>
> label:label
>
> milestone:name

Repo Metadata

> stars:>100
>
> forks:<50
>
> size:>1000
>
> created:>=2024-01-01
>
> pushed:>2025-08-01
>
> archived:true

Example

```
repo:olliebennett/getavatar.info path:*.js hash
```


You can hunt for initial access or for things like usernames, mentions, or other items.

3. Or you can clone the target repo for deeper analysis, because GitHub search results depend on many factors:

* Repo content changes

1. If there are new commits, files deleted, renamed, or added, the search results will change accordingly.
2. However, these changes don't appear immediately — GitHub needs time (sometimes minutes, sometimes hours) to update the index.

* Indexing delay & caching

1. GitHub doesn't read the repository contents directly from the disk every time we search.
2. It uses a search index that is periodically refreshed.
3. This means you can open a file directly in the repository and see the keyword there, but the search hasn't found it yet.

There are other factors as well, so you can analyze the clone manually with grep to gather information:

```
git -C ../<pathdir> grep -n "ip" -- '*.c'
```


4. There is another way, which is to search everything in the GitHub repo, but after I tried it, there were some shortcomings, such as the search results for each user being different because GitHub has its own way of indexing data, so there is a possibility of missing or not fetching something. However, this can still be used if you want to find initial access.


5. You can also use the GitHub advanced search. It is like Google dorking, with filtering by parameter. Then analyze the results.

6. Happy hunting. Soon I will add code search.

Endpoint list Github

* <https://github.com/search?q=>
* <https://github.com/search?type=code&q=>
* <https://github.com/search?type=repositories&q=>
* <https://github.com/search?type=issues&q=>
* <https://github.com/search?type=commits&q=>
* <https://github.com/search/advanced>

