Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/HightechSec/git-scanner

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
https://github.com/HightechSec/git-scanner

bash bughunting git-dumper hacking-tools pentest-tool pentesting security-audit

Last synced: about 1 month ago
JSON representation

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Host: GitHub
URL: https://github.com/HightechSec/git-scanner
Owner: HightechSec
License: mit
Created: 2020-05-17T14:30:19.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2020-06-23T05:44:26.000Z (almost 4 years ago)
Last Synced: 2024-01-07T13:05:32.359Z (5 months ago)
Topics: bash, bughunting, git-dumper, hacking-tools, pentest-tool, pentesting, security-audit
Language: Shell
Size: 1.11 MB
Stars: 321
Watchers: 10
Forks: 89
Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.md

Lists

awesome-pentest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-hacking - Git-Scanner - A tool for bug hunting or pentesting for targeting websites that have open `.git` repositories available in public (Tools / Binary files examination and editing)
awesome-pentest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-pentest-resource - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-penetest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
my-awesome-stars - HightechSec/git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell)
awesome-pentest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-hacking-lists - git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell (473))
awesome-stars - HightechSec/git-scanner - `★331` A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell)
awesome-pentest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-pentest - git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. (Web Exploitation / Web-accessible source code ripping tools)
awesome-hacking-lists - HightechSec/git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell)
awesome-hacking-lists - git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell)
awesome - git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public (Shell)

README

# Git Scanner Framework
[![License](https://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://github.com/HightechSec/git-scanner/blob/master/LICENSE.md)
![Build](https://img.shields.io/badge/Supported_OS-Linux-yellow.svg?style=flat)
![Build](https://img.shields.io/badge/Supported_WSL-Windows-blue.svg?style=flat)
![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/HightechSec/git-scanner)
![GitHub repo size](https://img.shields.io/github/repo-size/HightechSec/git-scanner)
![GitHub last commit](https://img.shields.io/github/last-commit/HightechSec/git-scanner)
![GitHub stars](https://img.shields.io/github/stars/HightechSec/git-scanner)
![GitHub pull requests](https://img.shields.io/github/issues-pr/HightechSec/git-scanner)
![GitHub forks](https://img.shields.io/github/forks/HightechSec/git-scanner)
![GitHub issues](https://img.shields.io/github/issues/HightechSec/git-scanner)
![GitHub watchers](https://img.shields.io/github/watchers/HightechSec/git-scanner)

This tool can scan websites with open ```.git``` repositories for `Bug Hunting`/ `Pentesting Purposes` and can dump the content of the ```.git``` repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list.

## Installation
```
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- bash gitscanner.sh
```
or you can install in your system like this
```
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- sudo cp gitscanner.sh /usr/bin/gitscanner && sudo chmod +x /usr/bin/gitscanner
- $ gitscanner
```
## Usage
- Menu's
- Menu `1` is for scanning and dumping git repositories from a provided file that contains the `list of the target url` or a provided `single target url`.
- Menu `2` is for scanning only a git repositories from a provided file that contains the `list of the target url` or a provided `single target url`.
- Menu `3` is for Dumping only the git repositories from a provided file that contains `list of the target url` or a provided `single target url`. This will work for the `Maybe Vuln` Results or sometimes with a repository that had directory listing disabled or maybe had a `403 Error Response`.
- Menu `4` is for Extracting files only from a Folder that had .git Repositories to a destination folder
- URL Format
- Use ```http://``` like ```http://example.com``` or ```https://``` like ```https://example.com``` for the url formatting
- Make sure use this format in the files that contains the list of possible target that you have, Example:
- https://target.com
- http://hackerone.com
- https://bugcrowd.com
- Extractor
- When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the `Selected git repository` and the second option is for inputing the `Destination folder`

## Requirements
* curl
* bash
* git
* sed

## Todos
- Creating a `Docker Images` if it's possible
- ~~Adding Extractor on the next Version~~ Added in version 1.0.2#beta but still experimental.
- Adding ~~Thread Processing~~ Multi Processing (`Bash doesn't Support Threading`)

## Changelog
All notable changes to this project listed in this [file](https://github.com/HightechSec/git-scanner/blob/master/CHANGELOG.md)

# Credits
Thanks to:
- [GitTools](https://github.com/internetwache/GitTools) by [internetwache](https://github.com/internetwache/)
- [Mass Git Scanner](https://github.com/Adelittle/Mass_Git_Scanner/) by [Ade Little](https://github.com/Adelittle/)