> [!info]
> Input: [[Social Media Account|source code repository in GitHub]]
> Output: [[Name|names]], [[Email Address|email addresses]], [[Connection Between People|connections between anonymous, working and personal accounts]]
>
> Types: [[Behavioural Weakness|behavioural]]
> Weakness: [[SOWEL-22. Providing Contact Information]]
### Explanation
Git is one of the most popular version control systems for source code. Each modification — a set of edits, also known as a commit — is stored independently and has a unique hash. Additionally, each commit identifies two people: the author and the committer, with full names and email addresses, which is very useful for OSINT investigations.
But doing this manually is not that simple: GitHub, as the most popular social media platform for developers, respects privacy and hides contact details in the web interface. Analyzing repositories therefore means cloning them one by one and checking each by hand. This process is long and tedious, especially when there are dozens of repositories. But it's worth it, and you need to have the tools for this.
![[xz_github_example.png]]
**Process.** Each commit of source code contains information about the author and the committer. The author is the person who made the changes. The committer enters these changes into the code (applies patches, merges branches, approves PRs). If someone codes alone, they are both the author and the committer. If the author makes patches to someone else’s code — whether through a web interface or via email — then the committer will be another person: the repository owner, someone who has the rights to apply patches, or a system robot from GitHub making the changes. So you have to check both fields, taking the repository owner's information into account.
**Conclusion.** Extracting information from GitHub repositories is sometimes key to de-anonymizing cybercriminals. Even a single misconfiguration can help identify malware developers and find connections between people. The chain of interactions in source code also forms a graph of connections between people, including contact details, which makes link analysis possible.
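
The following is an added example, not code from this page or from the tools listed below: a self-audit that reads both identity fields described under **Process** from a repository's history and reports which real addresses it exposes and which names and addresses tie personas together. The tab-separated `git log` format, the sample records and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample, in the shape produced by:
#   git log --format='%H%x09%an%x09%ae%x09%cn%x09%ce'
SAMPLE_LOG = (
    "a1b2c3d\tdevnull\t12345+devnull@users.noreply.github.com\tGitHub\tnoreply@github.com\n"
    "b2c3d4e\tdevnull\tjane.doe@corp.example\tdevnull\tjane.doe@corp.example\n"
    "c3d4e5f\tJane Doe\tjane.doe@corp.example\tRepo Owner\towner@project.example\n"
    "d4e5f6a\tRepo Owner\towner@project.example\tRepo Owner\towner@project.example\n"
)

# GitHub privacy addresses and the web-interface committer reveal no mailbox.
NOREPLY = re.compile(
    r"^(?:(?:\d+\+)?[^@\s]+@users\.noreply\.github\.com|noreply@github\.com)$", re.I)

def identities(log_text):
    """Yield (commit, role, name, email) for both identities of each commit."""
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # not a record in the expected format
        sha, a_name, a_mail, c_name, c_mail = fields
        yield sha, "author", a_name, a_mail.lower()
        yield sha, "committer", c_name, c_mail.lower()

def audit(log_text):
    """Return (exposed, linked_names, linked_mails) for a repository history."""
    exposed = defaultdict(set)       # real address -> commits that carry it
    names_by_mail = defaultdict(set)
    mails_by_name = defaultdict(set)
    for sha, _role, name, mail in identities(log_text):
        names_by_mail[mail].add(name)
        mails_by_name[name].add(mail)
        if not NOREPLY.match(mail):
            exposed[mail].add(sha)
    # One address under several names, or one name on several addresses,
    # ties separate personas together.
    linked_names = {m: n for m, n in names_by_mail.items() if len(n) > 1}
    linked_mails = {n: m for n, m in mails_by_name.items() if len(m) > 1}
    return dict(exposed), linked_names, linked_mails

if __name__ == "__main__":
    exposed, linked_names, linked_mails = audit(SAMPLE_LOG)
    for mail, commits in sorted(exposed.items()):
        print(f"exposed: {mail} in {len(commits)} commit(s)")
    print("same address, several names:", linked_names)
    print("same name, several addresses:", linked_mails)
```

In the constructed history, the handle `devnull` commits once with a privacy address and once with a corporate one, and that single commit is enough to connect the handle to the name on the corporate mailbox.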
### Examples
- [Unlocking GitHub for OSINT](https://blog.sociallinks.io/center-of-excellence-column-unlocking-github-for-osint/) - an introductory article about the data available in GitHub and ways to use it
- [Difference between author and committer in Git](https://stackoverflow.com/questions/18750808/difference-between-author-and-committer-in-git) - a nice explanation of git mechanisms
### Tools
- [octosuite](https://github.com/bellingcat/octosuite) - a framework for gathering open-source intelligence on GitHub users, repositories and organisations from Richard Mwewa (Bellingcat)
- [GitFive](https://github.com/mxrch/GitFive) - an ingenious tool for extracting all kinds of data for GitHub accounts from mxrch
- [gitcolombo](https://github.com/soxoj/gitcolombo) - extraction and analysis of contributors from git repositories
### See also
- [[SOWEL-9. Saving Contacts]]