loading
loading
Recon
Mine scraped GitHub archive CSVs for the repos and users worth a closer look.
overview
gh-investigator reads CSV files produced from GitHub archive scrapes and filters for repositories or users that meet star, fork, and watcher thresholds.
It is an offline analysis step: you point it at local CSVs and logs rather than hammering the live GitHub API during investigation.
Use it after archive collection when you need the noisy public firehose reduced to repos worth manual review.
use cases
Feed in the repos and users CSVs from a scrape and apply popularity thresholds so analysts review the standout accounts instead of every exported row.
Set minimum forks, stars, and watchers to keep only the projects with real traction, which is where internal tooling and leaked material tend to cluster.
Run it across a folder of logged repo and user CSVs to map which projects and developers carry the most weight around a target organization.
Use the filtered folder as the input list for secret scanning or contributor analysis so those slower stages run only against the repos that cleared the bar.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| repos-file | FILE | --repos-file | The path of the file containing the repos csv files. |
| users-file | FILE | --users-file | The path of the file containing the users csv files. |
| logs-folder | FOLDER | --logs-folder | The path of the folder containing the users and/or repos csvs. |
| minimum-forks | STRING | --minimum-forks | Min forks of repos. |
| minimum-stars | STRING | --minimum-stars | Min stars of repos. |
| minimum-watchers | STRING | --minimum-watchers | Min watchers of repos. |
Showing key inputs. gh-investigator exposes 6 inputs in total.
example
# gh-investigator: filter archive CSVs for notable reposgh-investigator --repos-file repos.csv --minimum-stars 50 --minimum-forks 10example/security-tools stars=120 forks=40example/infra-scripts stars=80 forks=12example/legacy-api stars=55 forks=10example/docs stars=60 forks=8example/sdk stars=200 forks=70guidance
Reach for gh-investigator once a scraper has already pulled GitHub repo and user CSVs and you need to cut them down to the interesting rows. It does not collect data itself, so run it after a scraping stage and tune the minimum forks, stars, and watchers to set the bar.
Scans repos for leaked secrets. Run it on the high-signal repos gh-investigator surfaces, not instead of it.
Another secret scanner for git history. gh-investigator picks which repos are worth that scan.
Pulls subdomains from GitHub code search. A different GitHub-OSINT angle that complements the CSV filtering.
faq
related
Asynchronous DNS brute-force tool for fast subdomain enumeration.
OWASP Amass: network mapping and external asset discovery.
OWASP Amass intel: find an organization's root domains and ranges.
OWASP Amass enumeration that produces structured JSON output.
Find related domains and subdomains via shared Google Analytics IDs.
Find domains and subdomains potentially related to a given domain.
A folder of scraped GitHub CSVs feeds gh-investigator, which filters by forks, stars, and watchers and writes the standout repos and users as a folder of results.
Facts on this page come from the live Trickest tool library.