New Gitjacker tool lets you find .git folders exposed online
A new tool called Gitjacker can help developers discover when they’ve accidentally uploaded /.git folders online and have left sensitive information exposed to attackers.
Gitjacker was created by British software engineer Liam Galvin, is written in Go, and was released as a free download last month on GitHub.
“If you can retrieve the full contents of a .git directory for a given website, you will be able to access raw source code for that site, and often juicy configuration data like database passwords, password salts, and more,” he added.
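A pre-publish check for the mistake the article describes, as an added example that is not Gitjacker's code or part of the original article: it walks a directory that is about to be uploaded and reports every `.git` directory or `.git` pointer file, so a deploy job can fail before the upload happens. The names `Finding` and `FindGitMetadata` and the default root `.` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding is one piece of git metadata found under the directory to be published.
type Finding struct {
	Path string // path of the entry as walked from the web root
	Kind string // "repository" (.git directory) or "gitfile" (.git pointer file)
}

// FindGitMetadata (hypothetical helper) reports every entry named ".git" under webRoot.
func FindGitMetadata(webRoot string) ([]Finding, error) {
	var found []Finding
	err := filepath.WalkDir(webRoot, func(p string, d fs.DirEntry, err error) error {
		// Stop on walk errors; skip (err is nil) anything not named ".git".
		if err != nil || d.Name() != ".git" {
			return err
		}
		if d.IsDir() {
			found = append(found, Finding{Path: p, Kind: "repository"})
			return filepath.SkipDir // one report per repository, no descent into objects/
		}
		// Submodules and linked worktrees use a ".git" file that points at the real metadata.
		found = append(found, Finding{Path: p, Kind: "gitfile"})
		return nil
	})
	return found, err
}

func main() {
	root := "." // assumed default: check the current directory
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := FindGitMetadata(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s must not be published\n", f.Kind, f.Path)
	}
	if len(findings) > 0 {
		os.Exit(1) // non-zero exit lets a CI step block the deploy
	}
}
```
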