GitDump – A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled

July 8, 2021
GitDump 3 poc

GitDump dumps the source code from .git when the directory traversal is disabled

Requirements

  • Python3

Tested on

  • Windows
  • Kali Linux

What it does

  • Dump source code from website/.git directory when directory traversal is disabled.

How it works

  • Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.).
  • Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc.
  • Download idx and pack files.
  • Now you can run git checkout — . to retrieve source code.

How to Use

  • python3 git-dump.py https://website.com/.git/
  • Create the output directory and dump all the .git files in it.
  • After running above script type: cd output && git checkout -- .
  • It will recover all source code.

TODO

  • Search through git repository for secrets by digging deep into commit history and branches.

Credits Sean B. Palmer for his index file parser. (https://github.com/sbp/gin)

Download GitDump

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

news

OpenAI Account Breach Claim Debunked by Researchers

February 12, 2025
news

Apple Security Update: Urgent Fix for Zero-Day Exploit on iPhone and iPad

February 12, 2025
news

DDoS Attack Volume Surges: Unprecedented Growth in 2024

February 12, 2025
news

SEC X Account Breach: Alabama Hacker Pleads Guilty to Cyber Crime

February 12, 2025
news

Ransomware Crackdown: 8Base Leak Site Seized and Phobos Suspects Arrested in Thailand

February 12, 2025