
Octosuite: a GitHub Open Source Intelligence Framework

source link: https://www.infoq.com/news/2023/02/octosuite-github-osint-framework/?itm_source=infoq&itm_medium=popular_widget&itm_campaign=popular_content_list&itm_content=

Feb 05, 2023 1 min read

Octosuite, an open-source intelligence (OSINT) framework, recently released its latest version 3.1.0. Octosuite provides a wide range of commands to investigate publicly-visible GitHub accounts and repositories through GitHub’s Public APIs.

Written in Python, Octosuite provides a secure and user-friendly interface to easily search and explore data related to a repository, organization, or user. The search feature also looks for topics, commits, and issues to quickly locate relevant data. All search results are exported in a readable comma-separated values (CSV) format.

Source - Octosuite: A New Tool to Conduct Open Source Investigations on GitHub - bellingcat

Users can get started with Octosuite through a command-line interface (CLI) or a graphical user interface (GUI). While the CLI is more flexible for batch processing of data, the GUI allows users to select commands from a dropdown menu. The installation guide for Octosuite is available here.

Once Octosuite is installed, the user needs to run octosuite in the terminal. At the time of launch, Octosuite will attempt to create three directories - .logs for storing logs of each session, output to save CSV files, and download folder where the source code from the source command will be saved.

To use different capabilities like getting user profile or organization profile info, search, log, and CSV management, Octosuite has subcommands. Some subcommands in the context of searching users are provided below: 

        Search Users
        ------------
        octosuite --method users_search --query <query>

        Search Issues
        -------------
        octosuite --method issues_search --query <query>

        Search Commits
        --------------
        octosuite --method commits_search --query <query>

        Search Topics
        -------------
        octosuite --method topics_search --query <query>

        Search Repositories
        -------------------
        octosuite --method repos_search --query <query>
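
To show what these search methods correspond to, the following added example (not Octosuite's code and not from the article) assumes each method maps to the like-named GitHub REST search endpoint, then flattens a response into CSV while neutralising cells that a spreadsheet would evaluate as formulas. The function names, the endpoint mapping and the sample response are assumptions constructed for illustration.

```python
import csv
import io
import json
from urllib.parse import urlencode

# Assumed mapping of the page's method names to GitHub REST search endpoints.
SEARCH_ENDPOINTS = {
    "users_search": "/search/users",
    "issues_search": "/search/issues",
    "commits_search": "/search/commits",
    "topics_search": "/search/topics",
    "repos_search": "/search/repositories",
}

def build_search_url(method, query, per_page=30):
    """Return the public GitHub API URL for one search method."""
    if method not in SEARCH_ENDPOINTS:
        raise ValueError(f"unknown search method: {method}")
    params = urlencode({"q": query, "per_page": per_page})
    return f"https://api.github.com{SEARCH_ENDPOINTS[method]}?{params}"

def safe_cell(value):
    """Neutralise cells a spreadsheet would evaluate as a formula."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(("=", "+", "-", "@", "\t", "\r")) else text

def results_to_csv(response_text, fields):
    """Flatten the 'items' array of a search response into CSV text."""
    items = json.loads(response_text).get("items", [])
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(fields)
    for item in items:
        # Missing keys become empty cells instead of raising KeyError.
        writer.writerow([safe_cell(item.get(f)) for f in fields])
    return out.getvalue()

# Constructed sample response (not real GitHub data); the second title is
# shaped like a formula to exercise safe_cell().
SAMPLE_RESPONSE = json.dumps({
    "items": [
        {"number": 12, "title": "Login page returns 500", "state": "open"},
        {"number": 13, "title": "=SUM(A1:A9) in report", "state": "closed"},
    ],
})

if __name__ == "__main__":
    print(build_search_url("issues_search", "repo:example-org/example-repo is:open"))
    print(results_to_csv(SAMPLE_RESPONSE, ["number", "title", "state", "html_url"]))
```

Issue titles, commit messages and profile fields are written by whoever controls the account, so any CSV built from them should be treated as untrusted input before it is opened in a spreadsheet.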

The open-source intelligence market is expected to experience significant growth over the next five years, with around 26% of organizations already using open-source investigation tools. As an aside, readers can also refer to this list of OSINT resources.

Octosuite is an important tool for open-source investigators, security researchers, and anyone who needs to analyze and investigate data stored on GitHub quickly. For example, Octosuite can be used to investigate incidents like the 2022 GitHub Malware Attack, where more than 35,000 repositories were affected by a single user account.

The Bellingcat Tech Team, creator of Octosuite, has encouraged feedback from the community about the tool. Users can fill out this form to share how they’ve used Octosuite in their research or investigation.

About the Author

Aditya Kulkarni

Techie by heart, Aditya has worked with different organisations on their journey to agility.

An avid reader, his newfound love is keeping an eye on the latest and greatest in technology with InfoQ!
