Quick and dirty demonstration of a .git folder exposure exploit using git's index file to get blobs' hashes.
Made with python3.8 and asyncio.
You can try the script and test a git exposure vulnerability in this website https://wallee94.github.io/exploit-git-exposure/, running:
python main.py -f data-dump https://wallee94.github.io/exploit-git-exposure/git