GitHub OSINT tool — extract intelligence from any GitHub user profile.
Discover emails, estimate timezones, map tech stacks, find collaborators, and analyze activity patterns — all from your terminal. GhSpy uses the public GitHub API to gather open-source intelligence on any GitHub user.
- Email Discovery — extract real email addresses from commit history
- Timezone Estimation — estimate location from commit hour patterns
- Activity Analysis — peak hours, active days, contribution streaks
- Tech Stack Mapping — languages, topics, original vs forked repos
- Collaborator Detection — frequent interactions, orgs, following
- Identity Mapping — cross-reference commit emails and author names
pip install ghspyRequires Python 3.8+. Works on Linux, macOS, and Windows.
# Full OSINT scan
ghspy scan torvalds
# Extract emails from commit history
ghspy emails dhh
# Estimate timezone
ghspy timezone antirez
# Activity patterns
ghspy activity shazeus
# Tech stack
ghspy techstack gvanrossum
# Collaborators & organizations
ghspy collabs octocat
# Export to JSON
ghspy export torvalds --format json -o report.json
# Export to CSV
ghspy export torvalds --format csv -o report.csv| Command | Description |
|---|---|
ghspy scan <user> |
Full OSINT scan with all modules |
ghspy emails <user> |
Extract emails from commit history |
ghspy timezone <user> |
Estimate timezone from commit patterns |
ghspy activity <user> |
Activity breakdown by hour, day, and event type |
ghspy techstack <user> |
Languages, topics, and repo statistics |
ghspy collabs <user> |
Collaborators, organizations, and following |
ghspy export <user> |
Export findings to JSON or CSV |
ghspy rate-limit |
Check GitHub API rate limit |
Without a token you get 60 requests/hour. With a token you get 5,000 requests/hour. A full scan uses 20–50 requests depending on the user's repo count.
# Set as environment variable (recommended)
export GITHUB_TOKEN=ghp_your_token_here
# Or pass directly
ghspy --token ghp_xxxx scan torvaldsGenerate a token at github.com/settings/tokens — no special scopes needed for public data.
Every command supports --json-output for piping to other tools:
ghspy scan user --json-output | jq '.emails'
ghspy scan user --json-output | jq '.timezone.estimated_timezone'GhSpy queries the public GitHub REST API to collect:
- User profile — public info, bio, location, social links
- Repositories — languages, topics, fork status, activity dates
- Commit history — author emails, timestamps, committer info
- Public events — pushes, PRs, issues, comments
- Social graph — followers, following, organizations
All data is publicly available through GitHub's API. No authentication bypass or scraping is involved.
This tool only accesses publicly available data through the official GitHub API. It does not bypass access controls, scrape private information, or violate GitHub's Terms of Service. Use responsibly.