The information presented is for learning and investigative purposes using OSINT (Open Source Intelligence). This post discusses a way to gain information on a GitHub user through their commit id. Tools required: A web browser.

I was playing one of Kase Scenario games. If you haven’t heard if them, give it a look. Kase scenarios are online OSINT games, which train different concepts. I learn new things all the time in their games, such as: .patch

As part of one Kase Scenario, there’s a scenario where someone is given a threat letter demanding money, and the player has to find details on the sender. After several steps of digging into the letter, I found the public GitHub account used to generate the threat letter using some code. I got stumped though. I couldn’t find any public data on the account.

Then I read a hint that taught me something new: if you go to commit details and append .patch to the URL string of the commit, details will output to the browser. These can include full names, emails, etc. This worked out for the game, and in real life, it also pulls up information that isn’t readily available.

Even if the user doesn’t expose their email explicitly in their profile, it can be rooted out by pulling up a commit, and simply adding a .patch to the end.

Real World Example

For example, going to go to a random GitHub repo that I know nothing about, I pulled up commits to a random branch:

On the right hand side is a partial hash of the commit id, clicking one will pull up the commit details. Look at the URL of the commit detail, it will look like this (I’ve omitted the complete URL):
https://github.com/…./commits/bfd0c92826c7290b433bdb23bbc6b26245c35f7d

If we take that url and append .patch to the end, like so:

….commits/bfd0c92826c7290b433bdb23bbc6b26245c35f7d.patch

This will pull up the commit detail and sometimes we get emails and sometimes we get full names as well.

When running an investigation, this can help identify points of interest where GitHub repo’s are discovered.