A multiple threads tool to download the `.git` folder and rebuild git repository locally.
Project description
GitHacker
Desciption
This is a multiple threads tool to exploit the .git
folder leakage vulnerability. It is able to download the target .git
folder almost completely. This tool also works when the DirectoryListings
feature is disabled by brute forcing common .git
folder files.
With GitHacker's help, you can view the developer's commit history, branches, ..., stashes, which makes a better understanding of the target repo, even to find security vulnerabilities.
PROCLAMATION (IMPORTANT)
Several VULNERABILITIES have been reported recently, if you are using GitHacker <= 1.1.0, please update your tool as soon as possible.
The remote .git
folder maybe malicious, so to prevent you from being attacked.
It's highly recommended that you SHOULD run this tool under a disposable jailed environment
(eg: Docker container).
Requirments
- git >= 2.11.0
- Python 3
Usage in Docker (Recommended)
# print help info
docker run wangyihang/githacker --help
# quick start
docker run -v $(pwd)/results:/tmp/githacker/results wangyihang/githacker --output-folder /tmp/githacker/results --url http://127.0.0.1/.git/
# brute for the name of branchs / tags
docker run -v $(pwd)/results:/tmp/githacker/results wangyihang/githacker --brute --output-folder /tmp/githacker/results --url http://127.0.0.1/.git/
# exploit multiple websites, one site per line
docker run -v $(pwd)/results:/tmp/githacker/results wangyihang/githacker --brute --output-folder /tmp/githacker/results --url-file websites.txt
Usage
# install
python3 -m pip install -i https://pypi.org/simple/ GitHacker
# print help info
githacker --help
# quick start
githacker --url http://127.0.0.1/.git/ --output-folder result
# brute for the name of branchs / tags
githacker --brute --url http://127.0.0.1/.git/ --output-folder result
# exploit multiple websites, one site per line
githacker --brute --url-file websites.txt --output-folder result
Comparison of other tools
2021-05-25
Tools | Index | Source Code | Reflogs | Stashes | Commits | Branches | Remotes | Tags |
---|---|---|---|---|---|---|---|---|
GitTools | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: |
dvcs-ripper | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: |
GitHack | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
git-dumper | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
GitHacker | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
GitTools | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: |
dvcs-ripper | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
GitHack | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
git-dumper | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: |
GitHacker | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :muscle: | :heavy_check_mark: | :muscle: |
Example
TODO
-
Download packed files firstly(Unsolvable via StackOverflow) - Fix infinit downloading 404 files, #25
- Fix error when
master
branch not exists, #18 - Extract branch names from
.git/logs/HEAD
, #18 - Publish Docker image to hub.docker.com
- Add Dockerfile
- Fix stash files missing due to the fix of #21, #23, #24 (
git clone
can't download stash files) - Use python f'string in
test.py
- Download tags and branches when Index enabled
- Try common tags and branches when Index disabled
- find packed refs
Test
Setup Development Environment
# Install docker and docker-compose
apt install docker-desktop
apt install docker-compose
# Download GitHacker
git clone https://github.com/WangYihang/GitHacker
cd GitHacker
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
Run tests
# Generate testing repo
python utils/gen.py
# Run testcases
sudo su
source venv/bin/activate
pip install -r requirements.txt
python utils/test.py
exit
# Diff results
python utils/diff.py
Check report
See test/report/YYYY-MM-DD/index.html
Videos
asciinema
YouTube
- 【.git/ folder attack】Comparison of attack tools (Part I)
- 【.git/ folder attack】Comparison of attack tools (Part II)
Security Issues
2021-08-01 Fixed: Malicious .git folder maybe harmful to the user of this tool (Reported by Driver Tom)
2022-03-01 Fixed: Arbitrary file write via recursive file downloader (Reported by Justin Steven)
- To be released
2022-03-01 Fixed: Remote Code Execution via malicious .git/config
and .git/hooks/*
files (Reported by Justin Steven)
- To be released
References
Acknowledgement
Licsence
THE DRINKWARE LICENSE
<wangyihanger@gmail.com> wrote this file. As long as
you retain this :x:tice you can do whatever you want
with this stuff. If we meet some day, and you think
this stuff is worth it, you can buy me the following
drink(s) in return.
Red Bull
JDB
Coffee
Sprite
Cola
Harbin Beer
etc
Wang Yihang
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file GitHacker-1.1.7.tar.gz
.
File metadata
- Download URL: GitHacker-1.1.7.tar.gz
- Upload date:
- Size: 10.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 190d099c465a4f3242ae4cc83fc4a1209455ee2b28ab5c2b3e9f6f549ef305df |
|
MD5 | 1324086907c7f8005b6b119b23dabd62 |
|
BLAKE2b-256 | c460d052b7a968bb8d3fa2373fc5df2f4f59052a227b63b57c09bcea74277724 |
File details
Details for the file GitHacker-1.1.7-py3-none-any.whl
.
File metadata
- Download URL: GitHacker-1.1.7-py3-none-any.whl
- Upload date:
- Size: 9.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e7a48d3c51911eed9eb3be01e7033d20302c0cf184229bc7d2908d5a766bcf34 |
|
MD5 | 515a1e0500ff90b4060d452d3e1e9994 |
|
BLAKE2b-256 | 7222f026bedc7d3a550a60edf71ee6d662ee022303cdd45b2218c11571e9bd48 |