This is a multiple threads tool to detect whether a site has the .git folder
leakage vulnerability. It is able to download the target .git folder almost
completely. This tool also works when the DirectoryListings feature is
disabled. It is worth mentioning that this tool will download almost all files
of the target git repository and then rebuild them locally, which makes this
tool State of the art in this area. For example, tools like [githack] just
simply restore the latest version. With GitHacker's help, you can view the
developer's commit history, which makes a better understanding of the character
and psychology of developers, so as to lay the foundation for further code
audition.
PROCLAMATION (IMPORTANT)
Several VULNERABILITIES have been reported recently, if you are using
GitHacker <= 1.1.0, please update your tool as soon as possible.
The remote .git folder maybe malicious, so to prevent you from being attacked.
I highly recommend you run this tool under a disposable jailed environment
(eg: docker container).
Security Issues
2021-08-01 Fixed: Malicious .git folder maybe harmful to the user of this tool (Reported by Driver Tom)
请发表评论