deadly.rip

What It Is

DEADLY.RIP is a GitHub OSINT reconnaissance platform. It is not positioned as a traditional firewall, EDR, or vulnerability scanner; instead, it extracts intelligence signals from GitHub’s official public API. For a given public GitHub user, it can collect profile information, repositories, commit emails, activity events, gists, follow relationships, and starred repos, then generate a unified intelligence view.

Core Capabilities and Deployment

Its core capability is commit-level email extraction: it scans commit metadata across up to 50 public repositories to identify public emails, noreply emails, and potentially exposed emails that may not have been intentionally disclosed. Beyond that, it also provides repository language and topic statistics, social graphing, a public activity timeline of up to 200 events, timezone estimation based on push times, and technology fingerprint analysis. In terms of deployment, it is a web application that runs in the browser. The documentation explicitly states that all requests are sent directly from the browser to the GitHub API, that GitHub tokens and collected data are not sent to DEADLY.RIP servers, and that tokens are not stored persistently.

Pricing and Limits

Pricing uses one-time keys: $4.50 for 24 hours, $12.50 for 7 days, and $20.50 for 30 days. There are no subscriptions or auto-renewals, and keys can be stacked. Without a token, it is subject to GitHub’s unauthenticated limit of 60 requests per hour, which is only suitable for a small number of lightweight account checks. With a GitHub PAT that has no scopes, the limit increases to 5,000 requests per hour, making it more suitable for full deep scans.

Pros and Cons

The advantages are centralized information aggregation and convenient exports, with support for JSON, email CSV, and clipboard copying. Its security notes are also relatively detailed, emphasizing read-only public data and minimum-permission tokens. The downsides are that coverage is limited to public GitHub data and it cannot access private repositories. It also does not disclose its company entity, country, compliance certifications, or payment methods. Its management and alerting features appear limited to rate-limit counters, with no team audit, centralized policy, or continuous monitoring capabilities.

Who It’s For and Access from China

It is suitable for security research, early-stage bug bounty reconnaissance, enterprise self-checks for developer email leaks in public commits, and legitimate OSINT investigations. Since the main text does not provide information on mainland China accessibility, payment availability, or localization, china_access can only be considered unknown. Actual use also depends on the accessibility of the GitHub API. Alternatives to consider include GitHub’s native API/search, Gitleaks, TruffleHog, SpiderFoot, Maltego, and theHarvester.