Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Elixir

Scala

Zig

Rust

Lua

Java

Clojure

Kotlin

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

MATLAB

Julia

Swift

R

Shell

PHP

Java

C#

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇸🇧 Solomon Islands

🇾🇹 Mayotte

🇨🇻 Cabo Verde

🇧🇷 Brazil

🇸🇮 Slovenia

🇭🇺 Hungary

🇹🇴 Tonga

🇹🇬 Togo

All Countries Compare Countries

lijiejie/GitHack

Stars
3,050
Rank 14,770 (Top 0.3 %)
Language
Python
Created over 9 years ago
Updated almost 2 years ago

lijiejie/GitHack

lijiejie

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A `.git` folder disclosure exploit

GitHack

This is important

All users please git pull to update source code. (2022-05-09)

GitHack is a .git folder disclosure exploit.

It rebuild source code from .git folder while keep directory structure unchanged.

GitHack是一个.git泄露利用脚本，通过泄露的.git文件夹下的文件，重建还原工程源代码。

渗透测试人员、攻击者，可以进一步审计代码，挖掘：文件上传，SQL注射等web安全漏洞。

Change Log

2022-05-09: Bug fix, thanks @justinsteven .
2022-04-07：Fix arbitrary file write vulnerability. Thanks for @justinsteven 's bug report, it's very helpful.
2022-04-07：Add python3.x support

How It works

解析.git/index文件，找到工程中所有的： ( 文件名，文件sha1 )
去.git/objects/ 文件夹下下载对应的文件
zlib解压文件，按原始的目录结构写入源代码

Usage

python GitHack.py http://www.openssl.org/.git/

Thanks

Thanks for sbp's great work, I used his .git index parser gin - a Git index file parser.

subDomainsBrute

A fast sub domain brute tool for pentesters

BBScan

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

ds_store_exp

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

swagger-exp

A Swagger API Exploit

htpwdScan

HTTP weak pass scanner

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation

IIS_shortname_Scanner

an IIS shortname Scanner

eyes.sh

Optimized DNS/HTTP Log Tool for pentesters, faster and easy to use.

idea_exploit

Gather sensitive information from (.idea) folder for pentesters

MisConfig_HTTP_Proxy_Scanner

The scanner helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers

edu-dns-zone-transfer

script to scan edu.cn DNS Servers

log4j2_vul_local_scanner

Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)

struts2_045_scan

Struts2-045 Scanner

OutLook_WebAPP_Brute

Microsoft Outlook WebAPP Brute

WIFIpass

decrypt all saved WIFI passwords on your PC

chromePass

Decrypt all saved Chrome passwords

NPUcat

NPUcat one click proxy

DNS_AXFR_Client

A python DNS Transfer Client

lijiejie