{"id":13648254,"url":"https://github.com/lijiejie/GitHack","last_synced_at":"2025-04-22T07:30:57.065Z","repository":{"id":31210270,"uuid":"34771269","full_name":"lijiejie/GitHack","owner":"lijiejie","description":"A `.git` folder disclosure exploit","archived":false,"fork":false,"pushed_at":"2023-02-01T07:14:07.000Z","size":16,"stargazers_count":3325,"open_issues_count":14,"forks_count":808,"subscribers_count":84,"default_branch":"master","last_synced_at":"2025-04-21T03:51:13.778Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lijiejie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-04-29T03:52:57.000Z","updated_at":"2025-04-19T15:10:49.000Z","dependencies_parsed_at":"2023-02-17T03:01:18.895Z","dependency_job_id":null,"html_url":"https://github.com/lijiejie/GitHack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijiejie%2FGitHack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijiejie%2FGitHack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijiejie%2FGitHack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijiejie%2FGitHack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lijiejie","download_url":"https://codeload.github.com/lijiejie/GitHack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250195033,"owners_count":21390230,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:04:05.393Z","updated_at":"2025-04-22T07:30:56.824Z","avatar_url":"https://github.com/lijiejie.png","language":"Python","funding_links":[],"categories":["Python","Python (144)"],"sub_categories":[],"readme":"# GitHack\n\n\n### This is important\n### All users please git pull to update source code. (2022-05-09)  \n\nGitHack is a `.git` folder disclosure exploit. \n\nIt rebuild source code from .git folder while keep directory structure unchanged.\n\nGitHack是一个.git泄露利用脚本，通过泄露的.git文件夹下的文件，重建还原工程源代码。\n\n渗透测试人员、攻击者，可以进一步审计代码，挖掘：文件上传，SQL注射等web安全漏洞。\n\n## Change Log\n\n* 2022-05-09: Bug fix, thanks  [@justinsteven](https://github.com/justinsteven) . \n* 2022-04-07：Fix arbitrary file write vulnerability.  Thanks for [@justinsteven](https://github.com/justinsteven)  \\'s bug report, it's very helpful.\n* 2022-04-07：Add python3.x support\n\n## How It works ##\n\n* 解析.git/index文件，找到工程中所有的： ( 文件名，文件sha1 )\n* 去.git/objects/ 文件夹下下载对应的文件\n* zlib解压文件，按原始的目录结构写入源代码\n\n## Usage ##\n    python GitHack.py http://www.openssl.org/.git/\n\n## Thanks ##\nThanks for sbp's great work, I used his .git index parser [gin - a Git index file parser](https://github.com/sbp/gin).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flijiejie%2FGitHack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flijiejie%2FGitHack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flijiejie%2FGitHack/lists"}