Ebryx/GitDump

March 10, 2021 02:14

GitDump


GitDump dumps the source code from an exposed .git directory even when directory listing (called "directory traversal" in the project's wording) is disabled.

Requirements

  • Python3

Tested on

  • Windows
  • Kali Linux

What it does

  • Dumps source code from a website's /.git directory when directory listing is disabled.

How it works

  • Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.).
  • Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc.
  • Download idx and pack files.
  • Now you can run git checkout -- . to retrieve source code.
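
The request pattern described above shows up in web server access logs. As an added example (not part of GitDump or the original README), this Python script classifies requests under /.git/ and reports, per client, whether the server actually served repository files. The log lines, regular expressions and function names are constructed for illustration, and the combined log format is assumed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access log (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:02:14:01 +0000] "GET /.git/ HTTP/1.1" 403 153 "-" "python-requests"
203.0.113.7 - - [10/Mar/2021:02:14:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests"
203.0.113.7 - - [10/Mar/2021:02:14:02 +0000] "GET /.git/index HTTP/1.1" 200 4096 "-" "python-requests"
203.0.113.7 - - [10/Mar/2021:02:14:03 +0000] "GET /.git/objects/3b/18e512dba79e4c8300dd08aeb37f8e728b8dad HTTP/1.1" 200 54 "-" "python-requests"
203.0.113.7 - - [10/Mar/2021:02:14:03 +0000] "GET /.git/objects/pack/pack-0123456789abcdef0123456789abcdef01234567.idx HTTP/1.1" 404 153 "-" "python-requests"
198.51.100.20 - - [10/Mar/2021:02:15:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2021:02:15:09 +0000] "GET /.git/HEAD HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
KINDS = [  # most specific pattern first
    ("pack", re.compile(r"/\.git/objects/pack/pack-[0-9a-f]{40}\.(?:idx|pack)$")),
    ("object", re.compile(r"/\.git/objects/[0-9a-f]{2}/[0-9a-f]{38}$")),
    ("metadata", re.compile(r"/\.git/(?:HEAD|ORIG_HEAD|index|packed-refs|config)$")),
    ("other", re.compile(r"/\.git(?:/|$)")),
]

def classify(path):
    """Return the kind of .git request a URL path represents, or None."""
    path = path.split("?", 1)[0]
    return next((kind for kind, rx in KINDS if rx.search(path)), None)

def analyze(log_text):
    """Per client: (requested, served) Counters by kind; served means HTTP 200."""
    stats = defaultdict(lambda: (Counter(), Counter()))
    for line in log_text.splitlines():
        m = LINE.match(line)
        kind = classify(m.group(2)) if m else None
        if kind:
            requested, served = stats[m.group(1)]
            requested[kind] += 1
            if m.group(3) == "200":
                served[kind] += 1
    return stats

def findings(log_text):
    """Map each client that touched /.git/ to the worst outcome observed."""
    out = {}
    for client, (_, ok) in analyze(log_text).items():
        if ok["metadata"] and (ok["object"] or ok["pack"]):
            out[client] = "repository content served"
        else:
            out[client] = "some .git files served" if sum(ok.values()) else "probe only, nothing served"
    return out
```

In the sample, the 403 on /.git/ shows directory listing is off, yet individual files still return 200; blocking the whole /.git/ path at the web server, or keeping .git out of the web root, is what makes every such request fail.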

How to Use

  • Run: python3 git-dump.py https://website.com/.git/
  • The script creates the output directory and dumps all the .git files into it.
  • After running the script, type: cd output && git checkout -- .
  • This recovers all the source code.

TODO

  • Search through git repository for secrets by digging deep into commit history and branches.

Credits: Sean B. Palmer for his index file parser (https://github.com/sbp/gin).
