loading
loading
Discovery
Identify websites with publicly accessible .git repositories.
overview
gittools-finder is the discovery component of the GitTools project. Given a list of hosts, it checks each one for a publicly accessible .git directory, the misconfiguration that exposes a site's source history to anyone who asks for it. Instead of probing one URL at a time, it runs the check across the whole input file so you can sweep a large scope in one pass.
It is the front of the GitTools recovery flow. The Finder tells you which hosts are worth attacking; the Dumper and Extractor then download and reconstruct the repositories it flagged. A threads option controls how many hosts it checks concurrently, which keeps a wide sweep moving without overwhelming the resolver.
Run it after subdomain discovery and probing, then feed its hits into gittools-dumper to start recovering source. On Trickest it is a Discovery node that reads an input file of hosts and writes a file and a folder listing the ones with an exposed .git.
use cases
Run the Finder over a file of hosts to flag every site serving a public .git directory, instead of testing URLs one at a time.
Use the flagged hosts to point gittools-dumper at the few sites that are exposed, rather than dumping blindly across the scope.
Set the thread count so a large host list is checked quickly without overrunning the resolver or the targets.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| input-file | FILE | -i | Input file of hosts to check for an exposed .git directory. |
| threads | STRING | -t | Number of concurrent threads for the sweep. |
Showing key inputs. gittools-finder exposes 2 inputs in total.
example
# gittools-finder: sweep hosts.txt for exposed .git with 20 threadsgitfinder.py -i hosts.txt -t 20https://example.com/.git/https://staging.example.com/.git/https://dev.example.com/.git/https://old.example.com/.git/https://cdn-origin.example.com/.git/https://intranet.example.com/.git/# 6 hosts with accessible .git from 120 probedguidance
Use gittools-finder to discover which hosts expose a .git directory before you try to recover anything. It only finds, so feed its hits to gittools-dumper and gittools-extractor, or to gitjacker, to download and rebuild the repositories it flags.
The next step after the Finder; downloads the .git directories it flags.
Recovers a single exposed repo end to end; pair it with the Finder's host list.
Scans for many sensitive files and misconfigurations, including exposed .git, across hosts.
faq
related
Check whether a URL redirects to a masked 404 page.
Append lines to a file only if they are not already there.
Extract URLs and endpoints from Android APK files.
Visual inspection of websites across a large number of hosts.
Find suspicious files across a large set of AWS S3 buckets.
An automated tool that checks for backup artifacts that may disclose a web application's source code.
A host list feeds gittools-finder, which flags sites with an exposed .git and passes them to gittools-dumper so the recovered repos land as output.
Facts on this page come from the live Trickest tool library.