Developers tend to re-use endpoints across different projects. This Python script fetches all public repositories from a GitHub user or organization, lists all files with specific extensions, and examines their contents to detect web routes using configurable regular expressions.
- Fetches all public repositories from a GitHub user or organization
- Automatically detects whether the input is a user or organization
- Recursively searches all directories in repositories
- Lists files with configurable extensions (defined in `settings.yaml`)
- Examines file contents to detect web routes
- Configurable regex patterns for different frameworks (Flask, Laravel, Express.js, etc.)
- Handles pagination for users/organizations with many repositories
- Supports GitHub personal access tokens for higher rate limits
- Error handling for API requests
- Docker support for easy deployment
- Clone or download this repository
- Install the required dependencies:

```bash
pip install -r requirements.txt
```

- Clone or download this repository
- Build the Docker image:

```bash
docker build -t github-route-detector .
```

The script uses a `settings.yaml` file to configure file extensions and route detection patterns:
```yaml
# File extensions to search for in repositories
file_extensions:
  - py
  - php
  - rs
  - java
  - js
  - aspx
  - cs
  - go
  - rb

# Regular expressions to detect web routes in files
route_patterns:
  # Python Flask routes
  - name: "Flask Route"
    pattern: "\\.route\\(\\s*(\\'|\\\")([^\\'\\\"]{1,})(\\'|\\\")\\)"
    framework: "Flask"
    language: "python"
  # Laravel routes
  - name: "Laravel Route"
    pattern: "Route::([a-z]{1,})\\((\\s*(\\'|\\\")([^\\'\\\"]{1,})(\\'|\\\"))"
    framework: "Laravel"
    language: "php"
  # Express.js routes
  - name: "Express.js Route"
    pattern: "\\.(get|post|put|delete|patch)\\(\\s*(\\'|\\\")([^\\'\\\"]{1,})(\\'|\\\")"
    framework: "Express.js"
    language: "javascript"

# GitHub API settings
github:
  # Maximum files per repository to fetch (to avoid rate limits)
  max_files_per_repo: 1000
  # Maximum repositories to process (0 = unlimited)
  max_repos: 0
  # Maximum file size to download and analyze (in bytes, 0 = unlimited)
  max_file_size: 1048576  # 1MB
```

You can modify this file to:
- Search for different file extensions
- Add custom regex patterns for other frameworks
- Adjust API limits and file size restrictions
```bash
python github_org_contributors.py <username_or_organization>
```

Examples:

```bash
python github_org_contributors.py microsoft
python github_org_contributors.py octocat
python github_org_contributors.py torvalds
```

```bash
# With GitHub personal access token (recommended for large users/organizations)
python github_org_contributors.py microsoft --token YOUR_GITHUB_TOKEN
# Use custom settings file
python github_org_contributors.py microsoft --settings custom_settings.yaml
# Combine options
python github_org_contributors.py microsoft --token YOUR_GITHUB_TOKEN --detailed
```

```bash
# Build and run in one command
docker run --rm github-route-detector microsoft
# Or if you've already built the image
docker run --rm github-route-detector octocat
```

```bash
# Show detailed route information
docker run --rm github-route-detector microsoft --detailed
# With GitHub token (pass as environment variable). Export GITHUB_TOKEN in the
# host shell first: $GITHUB_TOKEN is expanded by the host shell, not the container.
docker run --rm -e GITHUB_TOKEN="$GITHUB_TOKEN" github-route-detector microsoft --token "$GITHUB_TOKEN"
# Use custom settings file (mount volume)
docker run --rm -v "$(pwd)/custom_settings.yaml:/app/settings.yaml" github-route-detector microsoft --settings settings.yaml
```

```bash
# Basic usage
docker-compose run --rm github-repo-lister microsoft
# With detailed output
docker-compose run --rm github-repo-lister microsoft --detailed
# With GitHub token (GITHUB_TOKEN must already be exported in the host shell)
docker-compose run --rm -e GITHUB_TOKEN="$GITHUB_TOKEN" github-repo-lister microsoft --token "$GITHUB_TOKEN"
```

- `name`: GitHub username or organization name (required)
- `--token`: GitHub personal access token (optional, for higher rate limits)
- `--detailed`: Show detailed route information (optional)
- `--settings`: Path to settings file (default: `settings.yaml`)

For users/organizations with many repositories, it's recommended to use a GitHub personal access token to avoid rate limiting:
- Go to GitHub Settings → Developer settings → Personal access tokens
- Generate a new token with `public_repo` scope (for public repositories)
- Use the token with the `--token` argument
The script provides:
- Endpoints - Endpoints that you might be able to use against other targets
The script includes regex patterns for detecting routes in:
- Flask (Python) - `@app.route()` decorators
- Laravel (PHP) - `Route::get()`, `Route::post()`, etc.
- Express.js (JavaScript) - `app.get()`, `app.post()`, etc.
- Django (Python) - `path()` URL patterns
- ASP.NET (C#) - `[Route()]` attributes
- Ruby on Rails (Ruby) - `get` route definitions
- Go HTTP (Go) - `HandleFunc()` and `Handle()` methods
You can easily add more patterns by editing the settings.yaml file.
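
An added example (not the project's own code) that runs the three patterns shown in `settings.yaml` over constructed source snippets; applying every pattern to every snippet and the `group` field are assumptions made for this example. It shows one missed route (the Flask pattern requires `)` directly after the path, so a decorator with `methods=` is skipped) and one false hit (`config.get('http.timeout')` matches the Express.js pattern), both worth knowing before editing or adding patterns.

```python
import re

# The three patterns from settings.yaml, written as Python raw strings holding
# the value each YAML double-quoted string decodes to. "group" (the capture
# group that holds the path) is a field added for this example.
ROUTE_PATTERNS = [
    {"name": "Flask Route", "group": 2,
     "pattern": r"\.route\(\s*(\'|\")([^\'\"]{1,})(\'|\")\)"},
    {"name": "Laravel Route", "group": 4,
     "pattern": r"Route::([a-z]{1,})\((\s*(\'|\")([^\'\"]{1,})(\'|\"))"},
    {"name": "Express.js Route", "group": 3,
     "pattern": r"\.(get|post|put|delete|patch)\(\s*(\'|\")([^\'\"]{1,})(\'|\")"},
]


def detect_routes(text):
    """Return sorted (line_number, pattern_name, path) for every match in text."""
    hits = []
    for spec in ROUTE_PATTERNS:
        for m in re.finditer(spec["pattern"], text):
            line = text.count("\n", 0, m.start()) + 1  # 1-based line of the match
            hits.append((line, spec["name"], m.group(spec["group"])))
    return sorted(hits)


# Constructed sample sources (not taken from any real repository).
FLASK_SRC = "\n".join([
    "@app.route('/health')",
    "def health(): return 'ok'",
    "@app.route('/api/v1/login', methods=['POST'])",  # missed: ',' follows the path
    "def login(): return 'no'",
])
EXPRESS_SRC = "\n".join([
    "const timeout = config.get('http.timeout');",    # false hit: not a route
    "app.get('/users/:id', showUser);",
    'router.post("/admin/export", exportAll);',
])
LARAVEL_SRC = "\n".join([
    "Route::get('/orders', [OrderController::class, 'index']);",
    "Route::post( '/orders/{id}/refund', 'OrderController@refund');",
])

if __name__ == "__main__":
    for label, src in (("flask", FLASK_SRC), ("express", EXPRESS_SRC),
                       ("laravel", LARAVEL_SRC)):
        for hit in detect_routes(src):
            print(label, hit)
```
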
The script handles various error scenarios:
- Invalid usernames or organization names
- Network connectivity issues
- API rate limiting (with appropriate delays)
- Missing repositories or files
- Invalid settings file format
- File decoding errors
- Invalid regex patterns
GitHub API rate limits:
- Without token: 60 requests per hour (GitHub API limit)
- With token: 5000 requests per hour
For users/organizations with many repositories, using a personal access token is highly recommended.
- `requests`: HTTP library for API calls
- `PyYAML`: YAML file parsing
- `argparse`: Command line argument parsing
- Standard library modules: `sys`, `typing`, `datetime`, `os`, `urllib`, `re`, `base64`, `collections`

- `Dockerfile`: Container definition
- `docker-compose.yml`: Docker Compose configuration
- `.dockerignore`: Files to exclude from Docker build

This script is provided as-is for educational and utility purposes.