A tool to dump exposed .git repositories

Overview

git-dumper

This repository houses a tool to dump exposed .git repositories. This is a rewrite of the original GitTools Dumper project, but in a real programming language with parallelism for massive speed gains (over 10x faster).

Why?

Many (lazy?) developers deploy their projects to their web servers through git: they run git clone https://url/to/my-repo.git in their web server's content directory. Doing this often leaves a .git folder exposed, which an attacker can scrape and use to reconstruct your website's source code and version history. This tool does exactly that: it scrapes the .git directory so you can have a copy locally.

Limitations

Git may run "garbage collection" on your repository, which causes it to compact multiple object files into "pack" files. While object files can be found fairly easily through references from other object files, pack files don't seem to have explicit references to them and cannot be downloaded without having a directory listing. If you do have a directory listing, you don't need this tool and can download the repository using wget :)
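
A defender's check for the situation described under "Why?" and "Limitations", added here as an example (it is not part of git-dumper): walk a web server's content directory on disk, report every .git directory inside it, and count loose objects versus pack files. The function names and the sample layout are constructed for illustration.

```python
import os
import tempfile

HEX = set("0123456789abcdef")

def audit_webroot(webroot):
    """Return one finding per .git directory located under webroot."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # report the repository, do not descend into it
        git_dir = os.path.join(dirpath, ".git")
        objects = os.path.join(git_dir, "objects")
        loose = packs = 0
        if os.path.isdir(objects):
            for entry in os.listdir(objects):
                sub = os.path.join(objects, entry)
                # Loose objects sit in fan-out directories named 00..ff.
                if len(entry) == 2 and set(entry) <= HEX and os.path.isdir(sub):
                    loose += len(os.listdir(sub))
            pack_dir = os.path.join(objects, "pack")
            if os.path.isdir(pack_dir):
                packs = sum(n.endswith(".pack") for n in os.listdir(pack_dir))
        head = ""
        if os.path.isfile(os.path.join(git_dir, "HEAD")):
            with open(os.path.join(git_dir, "HEAD")) as f:
                head = f.read().strip()
        findings.append({"path": os.path.relpath(git_dir, webroot), "head": head,
                         "loose_objects": loose, "pack_files": packs})
    return findings

def build_sample_webroot(root):
    """Constructed sample: a content directory holding one cloned site."""
    git_dir = os.path.join(root, "site", ".git")
    os.makedirs(os.path.join(git_dir, "objects", "ab"))
    os.makedirs(os.path.join(git_dir, "objects", "pack"))
    os.makedirs(os.path.join(root, "static"))
    with open(os.path.join(git_dir, "HEAD"), "w") as f:
        f.write("ref: refs/heads/main\n")
    # Empty placeholder files with made-up names; only the layout matters here.
    for rel in ("objects/ab/" + "c" * 38, "objects/pack/pack-constructed.pack"):
        open(os.path.join(git_dir, rel), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_webroot(build_sample_webroot(tmp)))
```

Any finding means a repository sits inside the served tree and should be moved out of it or blocked at the web server. A repository that is fully packed is still exposed wherever directory listings are enabled, as the paragraph above notes.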

Related projects

  • GitTools, which inspired this project.
  • DotGit, a browser extension that automatically checks for exposed .git directories.
Releases(v0.1.0)
Owner
HoLLy
C# developer. I mostly play around with osu! and .NET reversing.