git-dumper
by arthaud
git-dumper is a tool designed to extract and reconstruct a git repository from a publicly accessible website.
A tool to dump a git repository from a website
Primary Use Case
This tool is primarily used by penetration testers and red teamers to retrieve git repositories exposed on websites, which can reveal sensitive source code and configuration details. It automates the process of downloading and reconstructing the repository even when directory listing is disabled, aiding in security assessments and vulnerability research.
- Recursively downloads .git directory if directory listing is enabled
- Fetches common git files like .gitignore, HEAD, and index
- Analyzes git refs and logs to find branch and remote references
- Recursively fetches git objects by analyzing commits and their parents
- Supports concurrent requests with configurable job count
- Allows use of proxies, custom user agents, and additional HTTP headers
- Supports client certificate authentication in PKCS#12 format
- Automatically runs git checkout to recover the working tree
Installation
- Run `pip install git-dumper` to install via pip
- Alternatively, clone the repository and install dependencies with `pip install -r requirements.txt`
- Run the tool directly using `./git_dumper.py` after installing dependencies
Usage
- `git-dumper http://website.com/.git ~/website`: Dumps the git repository from the specified website URL into the local directory `~/website`
- `git-dumper --proxy http://127.0.0.1:8080 http://website.com/.git ~/website`: Uses the specified proxy for all HTTP requests during the dump
- `git-dumper -j 10 http://website.com/.git ~/website`: Sets the number of simultaneous requests to 10 to speed up the dumping process
- `git-dumper --user-agent 'CustomAgent' http://website.com/.git ~/website`: Uses a custom user-agent string for HTTP requests
- `./git_dumper.py http://website.com/.git ~/website`: Runs the tool from source to dump the git repository
- Integrate git-dumper into red team reconnaissance phases to quickly identify exposed source code repositories.
- Use the tool to validate blue team detection capabilities around exposed git repositories and sensitive data leakage.
- Automate git-dumper scans as part of continuous security assessments in CI/CD pipelines to detect accidental .git exposures.
- Combine with vulnerability scanners to prioritize remediation of exposed sensitive code and configuration files.
- Leverage output from git-dumper to create custom detection rules for monitoring unauthorized access to source code repositories.
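One way to act on the detection-rule recommendation above, as an added example that is not part of git-dumper or of the original page: a Python pass over web access logs that reports clients requesting paths under `.git/` and separates those that were actually served git objects. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "CustomAgent"
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /.git/index HTTP/1.1" 200 4512 "-" "CustomAgent"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /.git/refs/heads/master HTTP/1.1" 200 41 "-" "CustomAgent"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /.git/objects/3b/18e512dba79e4c8300dd08aeb37f8e728b8dad HTTP/1.1" 200 151 "-" "CustomAgent"
198.51.100.9 - - [12/Mar/2024:10:05:00 +0000] "GET /.git/HEAD HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def git_kind(path):
    """Return the first path component under .git/ (HEAD, index, refs, objects, ...),
    'listing' for the bare directory, or None if the path is not under .git/."""
    # Drop the query string and decode percent-escapes so /%2Egit/ is not missed.
    path = unquote(path.split("?", 1)[0])
    m = re.search(r'/\.git/([^/]*)', path)
    return (m.group(1) or "listing") if m else None

def find_git_access(log_text):
    """Map client IP -> kinds of .git resources served (2xx) and count of refused requests."""
    hits = defaultdict(lambda: {"served": set(), "denied": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD request line in the expected format
        ip, path, status = m.groups()
        kind = git_kind(path)
        if kind is None:
            continue
        if status.startswith("2"):
            hits[ip]["served"].add(kind)
        else:
            hits[ip]["denied"] += 1
    return dict(hits)

def exposed_clients(log_text):
    """Clients that were served git objects, i.e. repository content left the server."""
    return sorted(ip for ip, h in find_git_access(log_text).items() if "objects" in h["served"])

if __name__ == "__main__":
    for ip, info in find_git_access(SAMPLE_LOG).items():
        print(ip, sorted(info["served"]), "denied:", info["denied"])
```

A client with only refused requests indicates probing against a server that is not exposing the directory; a client listed by `exposed_clients` means the repository should be treated as disclosed and any secrets in its history rotated.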
