{"id":13449441,"url":"https://github.com/internetwache/GitTools","last_synced_at":"2025-03-22T22:33:01.798Z","repository":{"id":30627332,"uuid":"34182773","full_name":"internetwache/GitTools","owner":"internetwache","description":"A repository with 3 tools for pwn'ing websites with .git repositories available","archived":false,"fork":false,"pushed_at":"2023-06-14T11:34:06.000Z","size":54,"stargazers_count":3949,"open_issues_count":6,"forks_count":633,"subscribers_count":90,"default_branch":"master","last_synced_at":"2025-03-16T02:07:16.262Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/internetwache.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":"gehaxelt"}},"created_at":"2015-04-18T21:06:33.000Z","updated_at":"2025-03-16T01:53:06.000Z","dependencies_parsed_at":"2024-01-25T19:05:09.016Z","dependency_job_id":"957117cf-0891-4abb-8d9c-f9c0e4e5a77b","html_url":"https://github.com/internetwache/GitTools","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/internetwache%2FGitTools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/internetwache%2FGitTools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/internetwache%2FGitTools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/internetwache%2FGitTools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/internetwache","download_url":"https://codeload.github.com/internetwache/GitTools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245029183,"owners_count":20549660,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T06:00:38.867Z","updated_at":"2025-03-22T22:33:01.521Z","avatar_url":"https://github.com/internetwache.png","language":"Shell","readme":" [![GitHub stars](https://img.shields.io/github/stars/internetwache/GitTools.svg)](https://github.com/internetwache/GitTools/stargazers)\n [![GitHub license](https://img.shields.io/github/license/internetwache/GitTools.svg)](https://github.com/internetwache/GitTools/blob/master/LICENSE.md)\n \n\n# GitTools\n\nThis repository contains three small python/bash scripts used for the Git research. [Read about it here](https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/)\n\n## Finder\n\nYou can use this tool to find websites with their .git repository available to the public\n\n### Usage\n\nThis python script identifies websites with publicly accessible ```.git``` repositories.\nIt checks if the ```.git/HEAD``` file contains ```refs/heads```.\n\n```\n$ ./gitfinder.py -h\n\n###########\n# Finder is part of https://github.com/internetwache/GitTools\n#\n# Developed and maintained by @gehaxelt from @internetwache\n#\n# Use at your own risk. Usage might be illegal in certain circumstances.\n# Only for educational purposes!\n###########\n\nusage: gitfinder.py [-h] [-i INPUTFILE] [-o OUTPUTFILE] [-t THREADS]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -i INPUTFILE, --inputfile INPUTFILE\n                        input file\n  -o OUTPUTFILE, --outputfile OUTPUTFILE\n                        output file\n  -t THREADS, --threads THREADS\n                        threads\n```\n\nThe input file should contain the targets one per line.\nThe script will output discovered domains in the form of ```[*] Found: DOMAIN``` to stdout.\n\n#### Scanning Alexa’s Top 1M\n\n```\nwget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip\nunzip top-1m.csv.zip\nsed -i.bak 's/.*,//' top-1m.csv\n./gitfinder.py -i top-1m.csv\n```\n\n## Dumper\n\nThis tool can be used to download as much as possible from the found .git repository from webservers which do not have directory listing enabled.\n\n### Usage\n\n```\n$ ./gitdumper.sh -h\n\n[*] USAGE: http://target.tld/.git/ dest-dir [--git-dir=otherdir]\n\t\t--git-dir=otherdir\t\tChange the git folder name. Default: .git\n\n```\n\nNote: This tool has no 100% guaranty to completely recover the .git repository. Especially if the repository has been compressed into ```pack```-files, it may fail.\n\n\n## Extractor\n\nA small bash script to extract commits and their content from a broken repository.\n\nThis script tries to recover incomplete git repositories:\n\n- Iterate through all commit-objects of a repository\n- Try to restore the contents of the commit\n- Commits are *not* sorted by date\n\n### Usage\n\n```\n$ ./extractor.sh /tmp/mygitrepo /tmp/mygitrepodump\n```\nwhere\n- ```/tmp/mygitrepo``` contains a ```.git``` directory\n- ```/tmp/mygitrepodump``` is the destination directory\n\nThis can be used in combination with the ```Git Dumper``` in case the downloaded repository is incomplete.\n\n\n## Demo\n\nHere's a small demo of the **Dumper** tool:\n\n[![asciicast](https://asciinema.org/a/24072.png)](https://asciinema.org/a/24072)\n\n## Proxy support\n\nThe `urllib` and `curl` should support proxy configuration through environment variables:\n\nIn bash, set:\n\n```\nexport HTTP_PROXY=http://proxy_url:proxy_port\nexport HTTPS_PROXY=http://proxy_url:proxy_port\n```\n\nIn Window's CMD, use:\n\n```\nset HTTP_PROXY=http://proxy_url:proxy_port\nset HTTPS_PROXY=http://proxy_url:proxy_port\n```\n\nBasic auth should be supported with:\n\n```\nhttp://username:password@proxy_url:proxy_port\n```\n\n## Requirements\n* git\n* Python 3+\n* curl\n* bash\n* sed\n* binutils (strings)\n\n# License\n\nAll tools are licensed using the MIT license. See [LICENSE.md](LICENSE.md)\n","funding_links":["https://github.com/sponsors/gehaxelt"],"categories":["1. [↑](#-content) OSINT","Shell","Miscellaneous","Web Exploitation","Shell (473)","Tools","Web"],"sub_categories":["Git","Web-accessible source code ripping tools","Web Exploitation","Web Accessible Source Code Ripping Tools","Penetration Testing Report Templates"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finternetwache%2FGitTools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finternetwache%2FGitTools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finternetwache%2FGitTools/lists"}