
WangYihang / Githacker

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

GitHacker

Description

This is a multi-threaded tool for detecting whether a site has the .git folder leakage vulnerability. It can download the target .git folder almost completely, and it also works when the DirectoryListings feature is disabled. Notably, it downloads almost all files of the target git repository and then rebuilds them locally, which makes this tool state of the art in this area. By contrast, tools like githack simply restore the latest version. With GitHacker's help, you can view the developer's commit history, which gives a better understanding of the character and psychology of the developers and lays the foundation for further code auditing.
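
An added example, not part of GitHacker or its README: a check a site owner can run over web server access logs to flag clients fetching files under .git/, which is the traffic a download of the .git folder produces. The combined log format, the sample lines and the name find_git_probes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: client, identity, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# A path segment named exactly ".git" followed by a file inside it.
# "/.gitignore" does not match because the segment must end with "/".
GIT_PATH_RE = re.compile(r'(?:^|/)\.git/')

# Constructed sample log lines (addresses are from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.git/HEAD HTTP/1.1" 200 23',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.git/index HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] '
    '"GET /.git/objects/aa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb HTTP/1.1" 200 150',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/refs/stash HTTP/1.1" 404 0',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /.gitignore HTTP/1.1" 404 0',
]


def find_git_probes(lines, min_hits=3):
    """Return {client: {"hits", "served", "paths"}} for clients that requested
    at least min_hits paths under a .git/ directory."""
    per_client = defaultdict(lambda: {"hits": 0, "served": 0, "paths": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if not GIT_PATH_RE.search(path):
            continue
        rec = per_client[client]
        rec["hits"] += 1
        rec["paths"].append(path)
        if status.startswith("2"):
            rec["served"] += 1  # the server returned repository data
    return {ip: rec for ip, rec in per_client.items() if rec["hits"] >= min_hits}


if __name__ == "__main__":
    for ip, rec in find_git_probes(SAMPLE_LOG).items():
        print(f"{ip}: {rec['hits']} .git requests, {rec['served']} served")
```

A non-zero served count means the web server is returning repository files; denying access to .git paths in the server configuration, or keeping the repository out of the web root, closes the leak.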

Comparison with other tools

[Image: image.png]

Requirements

  • git >= 2.11.0
  • python-requests
  • Linux environment

Installation

# Install requests
pip install requests
# Download source
git clone https://github.com/wangyihang/GitHacker.git

Usage :

Usage :
        python GitHacker.py [Website]
Example :
        python Githacker.py http://127.0.0.1/.git/
Author :
        wangyihang <[email protected]>

Example

python GitHacker.py http://127.0.0.1/.git/

TODO:

  • [ ] Download tags and branches when Index enabled
  • [ ] Try common tags and branches when Index disabled
  • [ ] find packed refs

Video

asciicast

Acknowledgement

License

THE DRINKWARE LICENSE

<[email protected]> wrote this file. As long as 
you retain this notice you can do whatever you want 
with this stuff. If we meet some day, and you think 
this stuff is worth it, you can buy me the following
drink(s) in return.

Red Bull
JDB
Coffee
Sprite
Cola
Harbin Beer
etc

Wang Yihang