https://github.com/arthaud/git-dumper
A tool to dump a git repository from a website
https://github.com/arthaud/git-dumper
git security web
Last synced: 6 months ago
JSON representation
A tool to dump a git repository from a website
- Host: GitHub
- URL: https://github.com/arthaud/git-dumper
- Owner: arthaud
- License: mit
- Created: 2017-03-31T03:39:53.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-11-23T19:11:03.000Z (11 months ago)
- Last Synced: 2025-04-10T20:51:52.117Z (7 months ago)
- Topics: git, security, web
- Language: Python
- Size: 51.8 KB
- Stars: 2,058
- Watchers: 19
- Forks: 268
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bbht - git-dumper - A tool to dump a git repository from a website (Git / XSS)
- awesome-bbht - git-dumper - A tool to dump a git repository from a website (Git / XSS)
- awesome-cicd-attacks - git-dumper - Dump Git repository from a website. (Tools / Defense Evasion)
- awesome-bugbounty-tools - git-dumper - A tool to dump a git repository from a website (Miscellaneous / Git)
- awesome-hacking-lists - arthaud/git-dumper - A tool to dump a git repository from a website (Python)
- jimsghstars - arthaud/git-dumper - A tool to dump a git repository from a website (Python)
README
# git-dumper
A tool to dump a git repository from a website.
## Install
This can be installed easily with pip:
```
pip install git-dumper
```
## Usage
```
usage: git-dumper [options] URL DIR
Dump a git repository from a website.
positional arguments:
URL url
DIR output directory
optional arguments:
-h, --help show this help message and exit
--proxy PROXY use the specified proxy
-j JOBS, --jobs JOBS number of simultaneous requests
-r RETRY, --retry RETRY
number of request attempts before giving up
-t TIMEOUT, --timeout TIMEOUT
maximum time in seconds before giving up
-u USER_AGENT, --user-agent USER_AGENT
user-agent to use for requests
-H HEADER, --header HEADER
additional http headers, e.g `NAME=VALUE`
--client-cert-p12 CLIENT_CERT_P12
client certificate in PKCS#12 format
--client-cert-p12-password CLIENT_CERT_P12_PASSWORD
password for the client certificate
```
### Example
```
git-dumper http://website.com/.git ~/website
```
### Disclaimer
**Use this software at your own risk!**
You should know that if the repository you are downloading is controlled by an attacker,
this could lead to remote code execution on your machine.
## Build from source
Simply install the dependencies with pip:
```
pip install -r requirements.txt
```
Then, simply use:
```
./git_dumper.py http://website.com/.git ~/website
```
## How does it work?
The tool will first check if directory listing is available. If it is, then it will just recursively download the .git directory (what you would do with `wget`).
If directory listing is not available, it will use several methods to find as many files as possible. Step by step, git-dumper will:
* Fetch all common files (`.gitignore`, `.git/HEAD`, `.git/index`, etc.);
* Find as many refs as possible (such as `refs/heads/master`, `refs/remotes/origin/HEAD`, etc.) by analyzing `.git/HEAD`, `.git/logs/HEAD`, `.git/config`, `.git/packed-refs` and so on;
* Find as many objects (sha1) as possible by analyzing `.git/packed-refs`, `.git/index`, `.git/refs/*` and `.git/logs/*`;
* Fetch all objects recursively, analyzing each commits to find their parents;
* Run `git checkout .` to recover the current working tree