GitDump – Pentesting Tool to Dump .git Source Code When Directory Traversal is Disabled


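GitDump dumps source code from a website's exposed .git directory when directory traversal is disabled, that is, when the server will not list the directory's contents but still serves individual files under it.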

How it works:
1. Fetch all common files (.git/index, .git/HEAD, .git/ORIG_HEAD, etc.).
2. Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, etc.
3. Download idx and pack files.
4. Now you can run git checkout -- . to retrieve source code.
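
A defender-side check that follows from the steps above, as an added example that is not part of GitDump or the original post: it scans web-server access logs for the request pattern those steps produce (metadata files, then loose objects and idx/pack files under .git/) and reports clients that were actually served content. The log lines, IP addresses, function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access log (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.git/index HTTP/1.1" 200 4312
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.git/ORIG_HEAD HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.git/packed-refs HTTP/1.1" 200 310
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /.git/objects/3f/9a0c1d2e4b5f60718293a4b5c6d7e8f901a2b3 HTTP/1.1" 200 181
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /.git/objects/pack/pack-0123456789abcdef0123456789abcdef01234567.idx HTTP/1.1" 200 1240
198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "GET /.git/ HTTP/1.1" 403 199
192.0.2.44 - - [10/Mar/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')

# Request classes, most specific first; file names are the ones listed above.
KINDS = [
    ("loose-object", re.compile(r"/\.git/objects/[0-9a-f]{2}/[0-9a-f]{38}$")),
    ("pack", re.compile(r"/\.git/objects/pack/pack-[0-9a-f]{40}\.(?:idx|pack)$")),
    ("metadata", re.compile(r"/\.git/(?:HEAD|ORIG_HEAD|index|packed-refs)$")),
    ("other", re.compile(r"/\.git(?:/|$)")),
]

def find_git_dump_activity(log_text, min_served=3):
    """Return {client_ip: stats} for clients served >= min_served .git files."""
    clients = defaultdict(lambda: {"requests": 0, "served": 0, "kinds": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])  # drop query, decode %2e etc.
        kind = next((k for k, rx in KINDS if rx.search(path)), None)
        if kind is None:
            continue
        stats = clients[ip]
        stats["requests"] += 1
        if status == "200":  # only a 200 means repository data left the server
            stats["served"] += 1
            stats["kinds"].add(kind)
    flagged = {ip: s for ip, s in clients.items() if s["served"] >= min_served}
    for s in flagged.values():
        # Metadata plus objects or packs is what source recovery relies on.
        s["recoverable"] = "metadata" in s["kinds"] and bool(s["kinds"] & {"loose-object", "pack"})
    return flagged
```

Any client it flags means files under .git/ are being served from the web root, so access to that path should be blocked at the web server and the repository's history reviewed for committed secrets.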

Requirements:
Python 3

Usage:
python3 git-dump.py website.com
After the script finishes, run: git checkout -- .
This recovers all of the source code.

Download: https://github.com/Ebryx/GitDump
