• Stars
    star
    3,050
  • Rank 14,770 (Top 0.3 %)
  • Language
    Python
  • Created over 9 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A `.git` folder disclosure exploit

GitHack

This is important

All users please git pull to update source code. (2022-05-09)

GitHack is a .git folder disclosure exploit.

It rebuild source code from .git folder while keep directory structure unchanged.

GitHack是一个.git泄露利用脚本,通过泄露的.git文件夹下的文件,重建还原工程源代码。

渗透测试人员、攻击者,可以进一步审计代码,挖掘:文件上传,SQL注射等web安全漏洞。

Change Log

  • 2022-05-09: Bug fix, thanks @justinsteven .
  • 2022-04-07:Fix arbitrary file write vulnerability. Thanks for @justinsteven 's bug report, it's very helpful.
  • 2022-04-07:Add python3.x support

How It works

  • 解析.git/index文件,找到工程中所有的: ( 文件名,文件sha1 )
  • 去.git/objects/ 文件夹下下载对应的文件
  • zlib解压文件,按原始的目录结构写入源代码

Usage

python GitHack.py http://www.openssl.org/.git/

Thanks

Thanks for sbp's great work, I used his .git index parser gin - a Git index file parser.

More Repositories

1

subDomainsBrute

A fast sub domain brute tool for pentesters
Python
3,444
star
2

BBScan

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers
Python
2,166
star
3

ds_store_exp

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
Python
1,495
star
4

swagger-exp

A Swagger API Exploit
JavaScript
1,136
star
5

htpwdScan

HTTP weak pass scanner
Python
900
star
6

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation
JavaScript
606
star
7

IIS_shortname_Scanner

an IIS shortname Scanner
Python
522
star
8

eyes.sh

Optimized DNS/HTTP Log Tool for pentesters, faster and easy to use.
HTML
378
star
9

idea_exploit

Gather sensitive information from (.idea) folder for pentesters
Python
357
star
10

MisConfig_HTTP_Proxy_Scanner

The scanner helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers
Python
170
star
11

edu-dns-zone-transfer

script to scan edu.cn DNS Servers
Python
89
star
12

log4j2_vul_local_scanner

Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)
Python
85
star
13

struts2_045_scan

Struts2-045 Scanner
Python
73
star
14

OutLook_WebAPP_Brute

Microsoft Outlook WebAPP Brute
Python
64
star
15

WIFIpass

decrypt all saved WIFI passwords on your PC
Python
61
star
16

chromePass

Decrypt all saved Chrome passwords
Python
41
star
17

NPUcat

NPUcat one click proxy
Python
9
star
18

DNS_AXFR_Client

A python DNS Transfer Client
Python
8
star
19

lijiejie

1
star