Use git-scanner to identify a target, e.g., http://target-site.com.

Dump: Use git-dumper to download the metadata:

    git-dumper http://target-site.com ./target-repo

Restore: Use git-extractor to recover the files:

    git-extractor ./target-repo ./restored-source-code
Before you can dump a repo, you need to find it. git-scanner crawls a website or a list of websites to check for an exposed /.git/ directory and identifies potential targets.
This article explores the repository (often associated with internetwache/GitTools), its components, and how to use it for authorized security assessments.

What is a .git Directory and Why Does it Matter?
Besides GitTools, other tools can help in analyzing exposed repositories:
It probes the server, looking specifically for HEAD, index, or config files within a /.git/ path.

2. git-dumper (The Downloader)
To secure your web applications, ensure your web server configuration (Nginx, Apache, IIS) forbids access to the .git directory.

    # Nginx: refuse any request whose path contains /.git
    location ~ /\.git {
        deny all;
    }

Apache Configuration:
Identifies vulnerabilities specifically in Adobe Experience Manager (AEM) webapps, which often rely on Git for deployment.

Preventing .git Exposure
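
One way to check from the defender's side whether the deny rule is working: the Python sketch below (an added example, not part of GitTools or the original article) scans access-log lines in Combined Log Format for requests to a /.git/ path and separates those the server actually served from those it refused. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A path segment that is exactly ".git" (not ".github", not "repo.git").
GIT_SEGMENT_RE = re.compile(r'(^|/)\.git(/|$)', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:01:03 +0000] "GET /.git/config HTTP/1.1" 200 276 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "GET /%2egit/index HTTP/1.1" 403 153 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:06:00 +0000] "GET /docs/.github/readme HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:06:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
]

def git_requests(lines):
    """Yield (ip, path, status) for each request that targets a .git directory."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode percent-escapes such as %2e.
        path = unquote(urlsplit(m["target"]).path)
        if GIT_SEGMENT_RE.search(path):
            yield m["ip"], path, int(m["status"])

def summarize(lines):
    """Group .git requests per client: served (exposure) vs. refused (probe only)."""
    served, refused = defaultdict(list), defaultdict(list)
    for ip, path, status in git_requests(lines):
        was_served = 200 <= status < 300 or status == 304
        (served if was_served else refused)[ip].append(path)
    return dict(served), dict(refused)

if __name__ == "__main__":
    served, refused = summarize(SAMPLE_LOG)
    for ip, paths in served.items():
        print(f"EXPOSED  {ip} was served {paths}")
    for ip, paths in refused.items():
        print(f"refused  {ip} requested {paths}")
```

Any entry in the served group means repository metadata left the server, so the exposed history should be treated as disclosed and any credentials committed to it rotated.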