0

GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available

Github 資源庫
主要指標
  • 所有者: internetwache/GitTools
  • 平台:
  • 許可證: MIT License
  • 分類:
  • 主題:
  • 喜歡:
    0
      比較:

Github星跟蹤圖

GitHub stars
GitHub license

GitTools

This repository contains three small python/bash scripts used for the Git research. Read about it here

Finder

You can use this tool to find websites with their .git repository available to the public

Usage

This python script identifies websites with publicly accessible .git repositories.
It checks if the .git/HEAD file contains refs/heads.

$ ./gitfinder.py -h

###########
# Finder is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########

usage: gitfinder.py [-h] [-i INPUTFILE] [-o OUTPUTFILE] [-t THREADS]

optional arguments:
  -h, --help            show this help message and exit
  -i INPUTFILE, --inputfile INPUTFILE
                        input file
  -o OUTPUTFILE, --outputfile OUTPUTFILE
                        output file
  -t THREADS, --threads THREADS
                        threads

The input file should contain the targets one per line.
The script will output discovered domains in the form of [*] Found: DOMAIN to stdout.

Scanning Alexa’s Top 1M

wget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
unzip top-1m.csv.zip
sed -i.bak 's/.*,//' top-1m.csv
./gitfinder.py -i top-1m.csv

Dumper

This tool can be used to download as much as possible from the found .git repository from webservers which do not have directory listing enabled.

Usage

$ ./gitdumper.sh -h

[*] USAGE: http://target.tld/.git/ dest-dir [--git-dir=otherdir]
		--git-dir=otherdir		Change the git folder name. Default: .git

Note: This tool has no 100% guaranty to completely recover the .git repository. Especially if the repository has been compressed into pack-files, it may fail.

Extractor

A small bash script to extract commits and their content from a broken repository.

This script tries to recover incomplete git repositories:

  • Iterate through all commit-objects of a repository
  • Try to restore the contents of the commit
  • Commits are not sorted by date

Usage

$ ./extractor.sh /tmp/mygitrepo /tmp/mygitrepodump

where

  • /tmp/mygitrepo contains a .git directory
  • /tmp/mygitrepodump is the destination directory

This can be used in combination with the Git Dumper in case the downloaded repository is incomplete.

Demo

Here's a small demo of the Dumper tool:

asciicast

Requirements

  • git
  • Python 3+
  • curl
  • bash
  • sed

License

All tools are licensed using the MIT license. See LICENSE.md

主要指標

概覽
名稱與所有者internetwache/GitTools
主編程語言Shell
編程語言Shell (語言數: 2)
平台
許可證MIT License
所有者活动
創建於2015-04-18 21:06:33
推送於2023-06-14 11:34:06
最后一次提交2022-02-22 00:40:24
發布數1
最新版本名稱v0.0.1 (發布於 )
第一版名稱v0.0.1 (發布於 )
用户参与
星數4.1k
關注者數89
派生數633
提交數70
已啟用問題?
問題數25
打開的問題數4
拉請求數21
打開的拉請求數2
關閉的拉請求數2
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?