GitHub

Tools

# GitDump
https://github.com/Ebryx/GitDump
# GitDumper
https://github.com/internetwache/GitTools
If we have access to .git folder:
./gitdumper.sh http://example.com/.git/ /home/user/dump/
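# list the blob objects recovered in the dump
git cat-file --batch-check --batch-all-objects | grep blob
# print the content of one blob (HASH = an object id from the list)
git cat-file -p HASH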
# GitGot
https://github.com/BishopFox/GitGot
./gitgot.py --gist -q CompanyName
./gitgot.py -q '"example.com"'
./gitgot.py -q "org:github cats"
# GitRob https://github.com/michenriksen/gitrob
gitrob website.com
# GitHound https://github.com/tillson/git-hound
echo "domain.com" | githound --dig --many-results --languages common-languages.txt --threads 100
# gitGraber https://github.com/hisxo/gitGraber
# shhgit https://shhgit.darkport.co.uk/
# GithubSearch
https://github.com/gwen001/github-search
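# Trufflehog
# (the flags below are from the older v2 Python CLI; v3 uses subcommands such as `trufflehog git <url>` - check --help for your version)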
trufflehog https://github.com/Plazmaz/leaky-repo
trufflehog --regex --entropy=False https://github.com/Plazmaz/leaky-repo
# If the target has a publicly exposed .git directory
https://github.com/HightechSec/git-scanner
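# GitMiner
# -c passes a GitHub session cookie. The value in the examples below looks like a documentation sample; substitute your own,
# treat it as a credential, and keep it out of shared notes, screenshots and shell history.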
# WordPress configuration files with passwords
python3 gitminer-v2.0.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt
# Brazilian government files containing passwords
python3 gitminer-v2.0.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
# shadow files in the etc directory
python3 gitminer-v2.0.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
# Joomla configuration files with passwords
python3 gitminer-v2.0.py --query 'filename:configuration extension:php "public password" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
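# GitLeaks
# (the flags below are from an older release; current versions use subcommands such as `detect` - check --help for your version)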
sudo docker pull zricethezav/gitleaks
sudo docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
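# or, for a local repository under /tmp (the command mounts all of /tmp into the container at /code;
# mounting only the repository directory, read-only, exposes less of the host):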
sudo docker run --rm --name=gitleaks -v /tmp/:/code/ zricethezav/gitleaks -v --repo-path=/code/repository
# GitJacker - for exposed .git paths
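# https://github.com/liamg/gitjacker
# The installer one-liner pipes a remote script from the master branch straight into bash:
# download and read install.sh first, or install from a reviewed, pinned commit.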
curl -s "https://raw.githubusercontent.com/liamg/gitjacker/master/scripts/install.sh" | bash
gitjacker url.com
# Then view a specific commit in the browser:
https://github.com/[git account]/[repo name]/commit/[commit ID]
https://github.com/zricethezav/gitleaks/commit/744ff2f876813fbd34731e6e0d600e1a26e858cf
# Manual local checks inside repository
git log
# Check out a commit whose tree still contains the .env file
git checkout f17a07721ab9acec96aef0b1794ee466e516e37a
ls -la
cat .env
# Find websites from GitHub
https://github.com/Orange-Cyberdefense/versionshaker