Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docuentation for auxiliary/scanner/http/git_scanner module #12429

Closed
wants to merge 1 commit into from

Conversation

@weh
Copy link
Contributor

weh commented Oct 8, 2019

Adds docuentation for auxiliary/scanner/http/git_scanner module
see #12389

Verification

  • Start msfconsole
  • use auxiliary/scanner/http/git_scanner
  • info -d
  • Check spelling and grammar
@weh weh referenced this pull request Oct 8, 2019
1 of 1 task complete
@h00die

This comment has been minimized.

Copy link
Contributor

h00die commented Oct 8, 2019

I like your inclusion of the wordpress docker image. How about this. When #12423 lands, you can submit a PR to add that in.

Also, I noticed you created secrets.yml but then the scanner never looked/downloaded it. Do you think that would be worth adding? I feel like it would be a good idea to extend the module to grab that file as well. Is that something you think you can do? I can write an issue you can reference for it if you want.

@h00die h00die closed this Oct 8, 2019
@weh

This comment has been minimized.

Copy link
Contributor Author

weh commented Oct 9, 2019

the secrets.yml was added to have a committed file in the repo.
I was thinking about grabbing more files than just the config. Is this the correct place for dowloading possibly a complete git repo, or is there another type of module like auxiliary/gather?

@h00die

This comment has been minimized.

Copy link
Contributor

h00die commented Oct 12, 2019

Not that it can't be changed, but it looks like the original purpose was to just get any info disclosure files. I would caution about downloading the entire git repo, since they can get large. However, this would be the right place to pick out specific files of interest known to git (there are other modules for 'sensitive' files in http

@h00die

This comment has been minimized.

Copy link
Contributor

h00die commented Oct 12, 2019

I forget the file, but one file has all the commit history in it, parsing that for usernames would be a good idea!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.