GitDump : A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled

GitDump dumps the source code from .git when the directory traversal is disabled

Requirements

Python3

Tested On

• Windows
• Kali Linux

What It Does

Dump source code from website/.git directory when directory traversal is disabled.

How It Works

• Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.).
• Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc.
• Download idx and pack files.
• Now you can run git checkout — . to retrieve source code.

How To Use

• python3 git-dump.py https://website.com/.git/
• Create the output directory and dump all the .git files in it.
• After running above script type: cd output && git checkout -- .
• It will recover all source code.

Screenshot