sinner/glint
1
0
Fork 0
Code Issues Pull requests Activity
No description
5 commits 1 branch 4 tags 104 KiB
  • Go 100%
Find a file
sinner 613cd67014
 refactor: extract client pool building into closure and add token re-prompt on validation failure
2026-05-03 15:36:14 +00:00
cmd/glint refactor: extract client pool building into closure and add token re-prompt on validation failure 2026-05-03 15:36:14 +00:00
internal refactor: restructure summary section to group identity data with enhanced visualization 2026-05-03 14:41:01 +00:00
.gitignore feat: add Likely Alts detection engine 2026-05-03 06:44:03 +00:00
go.mod feat: add Likely Alts detection engine 2026-05-03 06:44:03 +00:00
go.sum feat: add Likely Alts detection engine 2026-05-03 06:44:03 +00:00
README.md feat: add Likely Alts detection engine 2026-05-03 06:44:03 +00:00

README.md

glint

GitHub Intelligence Tool — extract emails, social connections, hidden attributions, and secrets from commit history.

glint goes beyond typical GitHub OSINT (which just scrapes a single email address) by deep-diving into commit metadata to surface:

  • All email addresses used across a user's entire commit history, including external contributions to other repos
  • Hidden attributionsCo-authored-by trailers, Signed-off-by lines, and @mentions in commit messages that reveal collaborators who never appear in the GitHub UI
  • Social graph — maps collaborators, co-authors, stargazers, and forkers to build a relationship network around the target
  • Secrets & patterns — scans commit patches for leaked API keys, tokens, credentials, and interesting patterns (IPs, UUIDs, etc.)
  • Activity patterns — timestamp analysis revealing work schedule, timezone, and unusual hour commits

Install

go install codeberg.org/sinner/glint/cmd/glint@latest

Usage

glint [options] <username|email>

Options

Flag Description
-t, --token <tok> GitHub personal access token
--token-file <path> File with one token per line (pool mode)
-P, --proxy <url> HTTP proxy
-d, --details Show commit details per email
-s, --secrets Scan commits for leaked secrets
-i, --interesting Show interesting patterns
-p, --profile Profile only — skip repo analysis
-q, --quick Quick mode — ~50 recent commits per repo
-T, --timestamps Analyze commit timestamp patterns
-F, --forks Include forked repos in scan
-S, --stargazers Map stargazers into social graph
-f, --forkers Map forkers into social graph
-j, --json JSON output
--csv CSV output

Examples

# Basic scan
glint torvalds

# Full intelligence run with social graph
glint -d -s -S -f -T torvalds

# Quick scan with JSON export
glint -q -j torvalds > intel.json

# Resolve email to username, then scan
glint user@example.com

Environment Variables

Variable Description
GLINT_GITHUB_TOKEN GitHub token (fallback)
GITHUB_TOKEN GitHub token (fallback)

What Makes glint Different

Most GitHub OSINT tools stop at the profile email. glint:

  1. Crawls every commit across all repos (owned + external contributions)
  2. Parses commit trailers (Co-authored-by, Signed-off-by) to find people who collaborated but don't show in the GitHub UI
  3. Extracts @mentions from commit messages
  4. Cross-references committer vs author to detect email mismatches
  5. Maps the social network — who stars, forks, and contributes to the same repos
  6. Analyzes timestamps to infer timezone and work patterns
  7. Scans for secrets in commit patches (AWS keys, tokens, connection strings, etc.)

License

MIT