GitDump : A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled

GitDump dumps the source code from .git when the directory traversal is disabled

Requirements

Python3

Tested On

  • Windows
  • Kali Linux

What It Does

Dump source code from website/.git directory when directory traversal is disabled.

How It Works

  • Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.).
  • Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc.
  • Download idx and pack files.
  • Now you can run git checkout — . to retrieve source code.

How To Use

  • python3 git-dump.py https://website.com/.git/
  • Create the output directory and dump all the .git files in it.
  • After running above script type: cd output && git checkout -- .
  • It will recover all source code.

Screenshot

Download
R K

Share
Published by
R K
Tags: .GitDirectory TraversalDisabledGitDumpPentesting ToolSource Code
4 years ago

Recent Posts

Promptmap

Prompt injection is a type of security vulnerability that can be exploited to control the…

20 hours ago

Firefly – Black Box Fuzzer For Web Applications

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly…

20 hours ago

Winit : Cross-Platform Window Creation And Management In Rust

Winit is a robust, cross-platform library designed for creating and managing windows in Rust applications.…

20 hours ago

Browser Autofill Phishing – The Hidden Dangers And Security Risks

In today’s digital age, convenience often comes at the cost of security. One such overlooked…

20 hours ago

Terminal GPT (tgpt) – Your Direct CLI Gateway To ChatGPT 3.5

Terminal GPT (tgpt) offers a seamless way to bring the power of ChatGPT 3.5 directly…

20 hours ago

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

4 days ago