Tool: Gitjacker tool

New Gitjacker tool lets you find .git folders exposed online

A new tool called Gitjacker can help developers discover when they’ve accidentally uploaded /.git folders online and have left sensitive information exposed to attackers.

Gitjacker was created by British software engineer Liam Galvin, is written in Go, and was released as a free download last month on GitHub.

In its simplest form, the tool lets users scan a domain and identify the location of a /.git folder on their production systems.

/.git folders should never be uploaded online.

“A .git directory stores all of your [Git] repository data, such as configuration, commit history, and actual content of each file in the repository,” Galvin said in a blog post last month when he launched Gitjacker.

“If you can retrieve the full contents of a .git directory for a given website, you will be able to access raw source code for that site, and often juicy configuration data like database passwords, password salts, and more,” he added.

VISIT SOURCE

CONTENT

FEATURED

COMPANY

Tool: Gitjacker tool

Related Posts

Tool: Virtual host scanner

Tool: Zenmap

Tool: Kiuwan

MORE

Hacking Exposed 7: Network Security Secrets and Solutions

Johnny Mnemonic (1995)

Book: Quantum Computing: An Applied Approach

Storm Watch (2002)

Tags