loading
loading
OSINT
List all public repositories for valid GitHub usernames.
overview
enumerepo takes a list of GitHub usernames and lists every public repository each one owns. It queries the GitHub GraphQL API, so a single run maps the full public code footprint of a developer or an organization's members without clicking through profiles by hand.
It is built to stay inside GitHub's rate limits. A configurable delay between GraphQL requests, plus an automatic adjustment option that tunes that delay on the fly, keeps a large run from tripping throttling. Authentication comes from a token file or a token string, and a silent mode suppresses stdout when you only want the file output.
On Trickest, enumerepo is an OSINT node that reads a usernames file and a GitHub token and writes a folder and a file of repository URLs. Run it to enumerate an organization's public code, then hand the repositories to a secret scanner to catch leaked credentials.
use cases
List every public repo a GitHub username owns so you can scope an organization's code footprint from a set of known accounts.
Set a request delay or turn on automatic adjustment so a large enumeration runs to completion without tripping GraphQL throttling.
Pass the discovered repositories to a credential scanner so hardcoded keys and tokens in public code surface for remediation.
Run enumerepo on a schedule and diff the repository list to catch newly published or forked projects as they appear.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| usernames | FILE | -usernames | File to read usernames from. |
| token-file | FILE | -token-file | File to read the GitHub token from. |
| token-string | STRING | -token-string | GitHub token as a string. |
| delay | STRING | -delay | Time delay after every GraphQL request, in milliseconds. |
| adjust-delay | BOOLEAN | -adjust-delay | Automatically adjust the delay between requests. |
| silent | BOOLEAN | -silent | Do not print output to stdout. |
Showing key inputs. enumerepo exposes 6 inputs in total.
example
# list every public repo for a set of GitHub users, tuning the delay automaticallyenumerepo -usernames users.txt -token-file token.txt -adjust-delay[ { "user": "https://github.com/example-org", "repos": [ "https://github.com/example-org/web-frontend", "https://github.com/example-org/payments-api", "https://github.com/example-org/infra-terraform" ] }]guidance
Use enumerepo when you have GitHub usernames and want every public repository they own in bulk. To discover the usernames and orgs first, run dorky. To then scan the repos for leaked credentials, follow it with dora or dumpsterdiver.
Searches GitHub and GitLab for usernames, repos, and orgs from a target list. enumerepo expands known usernames into their full repo lists.
Scans the enumerated repositories for exposed API keys. A natural next step.
faq
related
Look up DNS records on DNSDumpster.
Look up a host on DNSDumpster.
Find lookalike domains adversaries use for typosquatting, phishing, and brand impersonation.
Look up the real IP of a host starting from its favicon and using Shodan.
Gather email account intelligence from public sources and check it against breach data.
Collect a dossier on a person by username across thousands of sites.
A usernames file feeds enumerepo, which lists every public repository for each user and passes them to dora so leaked keys land as a queryable output.
Facts on this page come from the live Trickest tool library.