Add github-recon-v3.sh: robustness, pagination, severity model, OSINT extensions #1
Open
pepperonas wants to merge 1 commit into
Rewrite of bash/github-recon.sh with focus on robustness, performance and additional OSINT/security coverage. Original script remains untouched.

Highlights:
- Robust API-error handling, full pagination, retry with backoff
- Sensitive-files step: 18 API calls instead of 1800 (user:X filename:Y)
- Interactive token setup with gh CLI auto-detect (--setup-token)
- New OSINT: public SSH/GPG keys, orgs, activity heatmap with timezone inference, Wayback Machine for deleted/renamed repos
- New security: CI/CD workflow YAML scan, internal endpoint detection
- Deep scan actually invokes noseyparker/gitleaks/trufflehog
- Severity levels (CRITICAL/HIGH/MEDIUM/LOW/INFO), CI-ready exit codes
- JSON output in addition to markdown, diff mode for tracking findings over time

Adds bash/README.md describing both scripts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
What
Adds `bash/github-recon-v3.sh` next to the existing `github-recon.sh` — a rewrite focused on robustness, performance and broader OSINT/security coverage. The original script stays untouched, the new file lives alongside it.
Why
The original works as a great demo but stumbles on a few real-world edge cases (rate-limiting, pagination, search-API explosion). This version handles those and adds OSINT signals that turned out to be useful in self-audits.
Highlights
Robustness
Performance
`user:X filename:Y` query, not repos×patterns)
New OSINT
`.keys`/`.gpg` endpoints)
New security checks
`.github/workflows/*.yml` — common secret source)
`192.168.*`, `.local`, `localhost:*`)
Deep scan
Workflow
`--setup-token`) with `gh` CLI auto-detect
`--diff-from=<old-findings.json>`) for tracking changes over time
CI-ready
File layout
```
bash/
github-recon.sh (original, untouched)
github-recon-v3.sh (new)
README.md (new — describes both)
```
Compatibility
Requires bash ≥ 4.0. macOS users: `brew install bash`. The original script also benefits from this (line 274 `declare -A` fails on macOS system bash 3.2).
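
The following is an added example, not code from this pull request: a sketch of how an internal-endpoint check over your own workflow files can feed a severity-based CI gate. The function names, the severity assigned to each pattern and the gate's exit status are assumptions; only the three pattern families and the severity level names come from the description above.

```bash
#!/usr/bin/env bash
# Added example, not code from this PR. Pattern families (192.168.*, .local,
# localhost:*) come from the PR text; the severity given to each and the
# gate's exit status are assumptions made for illustration.

sample_workflow() {  # constructed workflow fragment used as sample input
  cat <<'EOF'
name: deploy
env:
  API_URL: http://192.168.10.5:8080/api
  CACHE: redis://build-cache.local:6379
  DOCS: https://example.com/docs
  run: curl http://localhost:3000/health
EOF
}

# Severity rank via case instead of `declare -A`, so bash 3.2 can run it too.
sev_rank() {
  case "$1" in
    CRITICAL) echo 4 ;; HIGH) echo 3 ;; MEDIUM) echo 2 ;; LOW) echo 1 ;; *) echo 0 ;;
  esac
}

# Print "SEVERITY<TAB>line" for every stdin line naming an internal endpoint.
scan_internal_endpoints() {
  while IFS= read -r line || [ -n "$line" ]; do
    if printf '%s\n' "$line" | grep -Eq '(^|[^0-9.])192\.168\.[0-9]{1,3}\.[0-9]{1,3}([^0-9]|$)'; then
      printf 'MEDIUM\t%s\n' "$line"
    elif printf '%s\n' "$line" | grep -Eq '(^|[^A-Za-z0-9.-])localhost:[0-9]{1,5}'; then
      printf 'LOW\t%s\n' "$line"
    elif printf '%s\n' "$line" | grep -Eiq '[a-z0-9-]+\.local([^a-z0-9.-]|$)'; then
      printf 'LOW\t%s\n' "$line"
    fi
  done
}

# Read findings on stdin; succeed only if none reaches the threshold in $1.
ci_gate() {
  gate_min=$(sev_rank "$1"); gate_worst=0
  while IFS="$(printf '\t')" read -r sev rest; do
    rank=$(sev_rank "$sev")
    if [ "$rank" -gt "$gate_worst" ]; then gate_worst=$rank; fi
  done
  [ "$gate_worst" -lt "$gate_min" ]
}

# Usage: sample_workflow | scan_internal_endpoints | ci_gate HIGH
```

The boundary groups around each pattern keep `example.com/docs` and similar public hosts out of the findings, so the gate only fails on lines that actually name a private address or local hostname.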