Tips Search on Github
You are required to log in to get the best results
- Navigate on Github search
- Search by "search qualifier." on Github, here the example qualifier
Useful Git Command
- git show -> Show details of the latest commit
- git logs -> Show full commit history
- git diff -> Show unstaged changes
- git log --graph --oneline --all -> Show history with branch graph
Analysis with Github event API
This case possible to view commit message git when --force with the developer or contributor. You can see the commit with the GitHub event, but keep in mind that GitHub events still store it (it hasn't been deleted). I experienced this when I was working with my college friends XD. Or you can see the Github forks, sometime there is people doesnt update or sync with the main repo or check the pull request
Doc : https://docs.github.com/en/rest/activity/events?apiVersion=2022-11-28
Request Github forks
curl https://api.github.com/repos/OWNER/REPO/forks
Then
git log --all --oneline --graph
Github event API, check event commit SHA message from Github repo, this request need auth with your account. You can use curl or postman for hit the API
Request
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
https://api.github.com/repos/OWNER/REPO/events
Response
{
"type": "PushEvent",
"payload": {
"before": "OLD_SHA_BEFORE_FORCE",
"head": "NEW_SHA_AFTER_FORCE"
}
}
Desc for response body
before -> commit before force-push
head -> commit after force-push
If you find a before value, it is the SHA commit before the forced push that was lost from the branch. You can use that SHA to view the commit data or even restore it.
View commit
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer YOUR_GITHUB_TOKEN" \
https://api.github.com/repos/OWNER/REPO/commits/OLD_SHA_BEFORE_FORCE
The JSON response will provide:
-
message commit
-
author
-
diff file
Github search operator other metadata
Repository & Owner
repo:owner/repo
user:username
org:orgname
File & Code
filename:name
path:path
extension:ext
language:lang
Text & Content
in:name
in:description
in:readme
in:file
in:path
Issue & PR
is:issue
is:pr
is:open / is:closed
author:user
assignee:user
mentions:user
commenter:user
label:label
milestone:name
Repo Metadata
stars:>100
forks:<50
size:>1000
created:>=2024-01-01
pushed:>2025-08-01
archived:true
Example
repo:olliebennett/getavatar.info path:*.js hash
You can hunting for search initial access or something like username, mention or other things
- Or you can clone the repo target for deep analysis, because Github search have many factor:
- Repo content changes
- If there are new commits, files deleted, renamed, or added, the search results will change accordingly.
- However, these changes don't appear immediately — GitHub needs time (sometimes minutes, sometimes hours) to update the index.
- Indexing delay & caching
- GitHub doesn't read the repository contents directly from the disk every time we search.
- It uses a search index that is periodically refreshed.
- This means you can open a file directly in the repository and see the keyword there, but the search hasn't found it yet.
and other things, so you can analysis manual with command grep to gather information
git -C ../<pathdir> grep -n "ip" -- '*.c'
- There is another way, which is to search everything in the Github repo, but after I tried it, there were some shortcomings, such as the search results for each user being different because Github has its own way of indexing data, so there is a possibility of missing or not fetching something. However, this can still be used if you want to find initial access
Results
- You can also use the Github advanced search, its like Google dorking with fillter by paramater
and analysis the results
- Happy hunting, soon i will added code search
Endpoint list Github