Git Scanner Framework
This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of the .git repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list.
Installation
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- bash gitscanner.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- sudo cp gitscanner.sh /usr/bin/gitscanner && sudo chmod +x /usr/bin/gitscanner
- $ gitscanner
Usage
- Menu's
- Menu
1is for scanning and dumping git repositories from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
2is for scanning only a git repositories from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
3is for Dumping only the git repositories from a provided file that containslist of the target urlor a providedsingle target url. This will work for theMaybe VulnResults or sometimes with a repository that had directory listing disabled or maybe had a403 Error Response. - Menu
4is for Extracting files only from a Folder that had .git Repositories to a destination folder
- Menu
- URL Format
- Use
http://likehttp://example.comorhttps://likehttps://example.comfor the url formatting - Make sure use this format in the files that contains the list of possible target that you have, Example:
- Use
- Extractor
- When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the
Selected git repositoryand the second option is for inputing theDestination folder
- When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the
Requirements
- curl
- bash
- git
- sed
Todos
- Creating a
Docker Imagesif it's possible -
Adding Extractor on the next VersionAdded in version 1.0.2#beta but still experimental. - Adding
Thread ProcessingMulti Processing (Bash doesn't Support Threading)
Changelog
All notable changes to this project listed in this file
Credits
Thanks to:
-
创建一个新文件 ~/.gitignore ,并将以下内容添加进去,这样全部 git 仓库将会忽略以下内容所提及的文件。 # Folder view configuration files .DS_Store Desktop.ini # Thumbnail cache files ._* Thumbs.db # Files that might appear on external disks .S
-
功能分支(feature branches)、发布分支(release branches)、主干(master)、开发分支(develop)、紧急修复分支(hotfixes)和标签(tag)。 Git Flow 太复杂 Git Flow 违背了分支的“短命”原则:在使用 Git 时,在同一个分支上开发代码的人越多,出现合并冲突的几率就越高。在使用 Git Flow 后,冲突几率会变得更高,因为还有
-
规范建设 commit message格式 <type>(<scope>): <subject> type(必须) 用于说明git commit的类别,只允许使用下面的标识。 feat:新功能(feature)。 fix/to:修复bug,可以是QA发现的BUG,也可以是研发自己发现的BUG。 fix:产生diff并自动修复此问题。适合于一次提交直接修复问题 to:只产生diff不自动修复此问题
-
集中式与分布式 中心服务器 工作流 分支实现 冲突 Fast forward 储藏(Stashing) SSH 传输设置 .gitignore 文件 Git 命令一览 参考资料 集中式与分布式 Git 属于分布式版本控制系统,而 SVN 属于集中式。 集中式版本控制只有中心服务器拥有一份代码,而分布式版本控制每个人的电脑上就有一份完整的代码。 集中式版本控制有安全性问题,当中心服务器挂了所有人都没
-
作为一名开发者怎么可能没有 Git 呢? 我们马上就来安装: $ brew install git 好的,现在我们来测试一下 git 是否安装完好: $ git --version 运行 $ which git 将会输出 /usr/local/bin/git. 接着,我们将定义你的 Git 帐号(与你在 GitHub 使用的用户名和邮箱一致) $ git config --global user.
-
Name git - 迟钝的内容跟踪器 概要 git [--version] [--help] [-C <path>] [-c <name>=<value>] [--exec-path[=<path>]] [--html-path] [--man-path] [--info-path] [-p|--paginate|--no-pager] [--no-replace-objects]