Exploit Notes

Git GitHub Pentesting

Last modified: 2023-02-25

Reconnaissance

Git is version-control software for tracking changes in a set of files. It is usually used together with a hosting service such as GitHub, so a pentester typically meets it either as a hosted repository or as a .git directory left on a server or inside a download.

Git Commands for the Repository Investigation

Check Information

# Basic information (latest commit, or a specific branch/commit/tag)
git show
git show <branch-name>
git show <commit-id>
git show <tag-name>
# --git-dir lets you inspect a .git directory you only have a copy of,
# e.g. one downloaded from a web server that exposed it
git --git-dir /path/to/.git show

# Configuration, including remote URLs (which sometimes embed credentials)
git config --list

# Commit history
git log
git log --stat
git --git-dir /path/to/.git log --stat

# Show differences: working tree vs. index (unstaged changes)
git diff
# Index vs. HEAD (staged changes); --cached is a synonym of --staged
git diff --staged
git diff --cached

# Working tree status
git status

Check Out Previous Commits

# Get the "commit-id" from 'git log'. This leaves you in a detached HEAD
# state with the tree as it was at that commit.
git checkout <commit-id>
git --git-dir /path/to/.git checkout <commit-id>

# Return to the latest commit on the default branch (master or main)
git checkout master
git checkout main

Search the Other Branches

List all branches, including remote-tracking ones. Feature or debug branches often hold files that were never merged into the default branch.

git branch -a

To create a new branch:

git branch new-branch

Clone the Repository

git clone https://github.com/username/repo.git

# via SSH
git clone ssh://git-user@10.0.0.1/path/to/repo
git clone ssh://git-user@10.0.0.1/path/to/repo.git

Find Tags

# List tags
git tag
git tag -l

# Show the contents of the specific tag
git show <tag-name>

Restore Deleted Files

First, list files that were deleted from the working tree (they appear as "deleted:" in the output).

git status

Then restore them from the index.

git restore <a-deleted-file>

GitHub Dorks

Search Target Repository

You may be able to find the target's repository with a Google search.

A search term such as "<target-name> github" (the target's name followed by github) usually turns it up.

Find Sensitive Data in the Repository

If you can access the GitHub repository, inspect its files and its history for sensitive information. Look at:

  • Hard-coded contents (credentials, tokens, keys, internal hostnames)
  • Past commits
  • Files deleted in past commits (their contents remain in the history)
  • Commit messages
  • Email addresses, which may identify personal accounts
  • Branches other than the default one

For more details, see github-dorks.

Find Email Address

  1. Click the target repository.

  2. Move to the commit history.

  3. Click the commit and add “.patch” to the URL. For example:

    https://github.com/<username>/<repository>/commit/d4...ff54.patch
    
  4. Check the "From:" line at the top of the patch. It holds the name and email address of the commit author.
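The checks from the "Restore Deleted Files" and "Find Sensitive Data in the Repository" sections above, plus the local equivalent of the .patch email lookup, as an added example that is not part of the original page. The script builds a throwaway repository with a constructed history (one commit adds a config file holding a made-up token, the next commit deletes it), lists files deleted in past commits, greps every revision for the token, restores the file from the parent of the deleting commit, and prints the author email addresses. The repository path, file name, token value and author identity are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: a throwaway repository with a
# constructed history and the history-mining checks run against it.
set -eu

# Ignore the user's global/system git config so the demo is reproducible
# (no signing hooks, no templates); older git versions ignore these variables.
export GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=/dev/null

# Build the constructed repository and print its path:
# commit 1 adds config.yml with a made-up token, commit 2 deletes it again.
make_demo_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.name "Demo Dev"               # constructed identity
  git -C "$dir" config user.email "demo.dev@example.com"
  printf 'api_token: AKIA-EXAMPLE-TOKEN-0000\n' > "$dir/config.yml"  # constructed secret
  git -C "$dir" add config.yml
  git -C "$dir" -c commit.gpgsign=false commit -q -m "add deployment config"
  git -C "$dir" rm -q config.yml
  git -C "$dir" -c commit.gpgsign=false commit -q -m "remove secret"
  echo "$dir"
}

# Paths deleted anywhere in history (--diff-filter=D). Each listed file's
# content still lives in the parent of the commit that deleted it.
deleted_files() {
  git -C "$1" log --diff-filter=D --name-only --format= | sed '/^$/d'
}

# Search every reachable revision for a pattern: git grep over rev-list --all
# finds a secret even after a later commit "removed" it from the tree.
# Output lines look like <commit>:<path>.
find_in_history() {
  git -C "$1" grep -l "$2" $(git -C "$1" rev-list --all) || true
}

# Restore a file deleted in commit $2 by checking it out from that commit's
# parent ($2^), then print the recovered content.
restore_deleted() {
  git -C "$1" checkout -q "$2^" -- "$3"
  cat "$1/$3"
}

# Author email addresses from the log: the local equivalent of the "From:"
# line in GitHub's .patch view of a commit.
author_emails() {
  git -C "$1" log --format=%ae | sort -u
}

# Run the checks on the constructed repository, then clean it up.
repo=$(make_demo_repo)
echo "deleted files:";     deleted_files "$repo"
echo "secret in history:"; find_in_history "$repo" 'AKIA-EXAMPLE'
removal=$(git -C "$repo" log --diff-filter=D --format=%H -n 1)
echo "restored content:";  restore_deleted "$repo" "$removal" config.yml
echo "author emails:";     author_emails "$repo"
rm -rf "$repo"
```

Run it with sh; it needs only git. Note the difference from the git restore command above: git restore only brings back a file deleted from the working tree, while a file removed in an earlier commit has to be taken from history, which is what git checkout <commit>^ -- <path> does. The same functions work unchanged against a cloned target repository or, with --git-dir, against a copied .git directory.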

