Git Exposure Scanner - Extract sensitive information from exposed .git directories
Overview
This tool scans web applications for exposed .git directories and extracts sensitive information including:
- Git configuration files
- Branch information
- Commit history and logs
- Email addresses from commit logs
- Remote repository URLs
- Sensitive secrets such as:
  - AWS Access Keys & Secret Keys
  - API Keys
  - Private Keys
  - Passwords
  - Tokens
  - Database connection strings
Installation
pip install .
Usage
Basic Scan
git-exposure-scanner -t https://example.com
With Custom Timeout
git-exposure-scanner -t https://example.com --timeout 15
Using Full Package Name
CYBERTECHMIND-GIT-EXPOSURE-SCANNER -t https://example.com
What It Does
1. Detects Exposed .git Directory
   - Checks for common .git files (HEAD, config, index, description)
2. Extracts Configuration
   - Downloads .git/config
   - Parses remote repository URLs
   - Downloads
3. Discovers Branches
   - Finds current branch
   - Scans for common branches (master, main, develop, staging, production)
   - Retrieves commit hashes
4. Extracts Logs
   - Downloads git logs
   - Extracts developer email addresses
5. Scans for Secrets
   - AWS credentials
   - API keys
   - Passwords
   - Private keys
   - Database URLs
   - Authentication tokens
Example Output
╔═══════════════════════════════════════════════════════════════════╗
║ ║
║ Git Exposure Scanner ║
║ Extract Sensitive Data from .git Directories ║
║ ║
║ Author: Moovendhan V (CyberTechMind) ║
║ Version: 1.0.0 ║
║ ║
╚═══════════════════════════════════════════════════════════════════╝
[*] Target: https://example.com
[*] Starting scan...
[*] Scanning https://example.com for exposed .git directory...
[+] Found: .git/HEAD
[+] Found: .git/config
[!] .git directory is EXPOSED!
[*] Extracting git configuration...
[+] Extracted .git/config
[*] Remote repositories found:
https://github.com/company/secret-repo.git
[*] Discovering branches...
[+] Current branch: refs/heads/master
[+] Branch found: master (a1b2c3d4)
[*] Extracting logs...
[+] Extracted: .git/logs/HEAD
[*] Email addresses found:
developer@example.com
admin@example.com
[*] Scanning for secrets...
[!] AWS Access Key found: AKIAIOSFODNN7EXAMPLE...
[!] Database URL found: mongodb://admin:password123@...
======================================================================
Git Exposure Scanner Report
======================================================================
Target: https://example.com
Status: VULNERABLE
[*] Exposed Git Files:
- .git/HEAD
- .git/config
[*] Branches Discovered:
- refs/heads/master
- master
[!] Sensitive Data Found:
[remote_url] https://github.com/company/secret-repo.git
[email] developer@example.com
[AWS Access Key] AKIAIOSFODNN7EXAMPLE
[Database URL] mongodb://admin:password123@...
======================================================================
[✓] Scan completed successfully!
[!] CRITICAL: Sensitive data exposed!
[*] Total items found: 4
Security Impact
Exposed .git directories can reveal:
- Source Code: Complete application source code can be reconstructed
- Credentials: API keys, passwords, and secrets in config files
- Infrastructure Details: Database URLs, server configurations
- Developer Information: Email addresses, commit history
- Private Repositories: URLs to internal/private GitHub/GitLab repos
Remediation
If this tool finds an exposed .git directory:
- Immediately: Block the .git directory in web server configuration
- Rotate Credentials: Change all exposed passwords, API keys, tokens
- Review History: Check git history for other sensitive data
- Update Deployment: Ensure .git is excluded from production deploys
Apache (.htaccess)
RedirectMatch 404 /\.git
Nginx
location ~ /\.git {
deny all;
return 404;
}
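To confirm that the Apache or Nginx rule above actually took effect, the following added check (example code, not part of this project) fetches /.git/HEAD from your own site and classifies the answer. It uses only the Python standard library; the sample responses it classifies offline are constructed. Note the catch-all case: a site that answers 200 with its HTML fallback page for every path is not exposed, even though a naive "200 means found" check would flag it.

```python
import re
import sys
import urllib.error
import urllib.request

# A genuine .git/HEAD is either a symbolic ref ("ref: refs/heads/main")
# or, on a detached HEAD, a bare 40-hex commit id. Anything else is not git.
GIT_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")


def classify_git_head(status: int, body: str) -> str:
    """Classify a response to GET <site>/.git/HEAD.

    'exposed'   body is a real HEAD file, so the rule is NOT in effect
    'blocked'   403/404, the rule (or the absence of .git) is working
    'catch-all' 200 whose body is not a HEAD file (e.g. an SPA fallback)
    'unknown'   anything else (5xx, odd redirects)
    """
    if status in (403, 404):
        return "blocked"
    if status == 200:
        return "exposed" if GIT_HEAD_RE.match(body.strip()) else "catch-all"
    return "unknown"


def fetch(url: str, timeout: float = 10.0):
    """Return (status, first 4 KiB of body); 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read(4096).decode("utf-8", "replace")


def check_site(base_url: str) -> str:
    """Verify a deployed site after adding the web-server rule."""
    status, body = fetch(base_url.rstrip("/") + "/.git/HEAD")
    return classify_git_head(status, body)


# Constructed sample responses, used when no URL is given on the command line.
SAMPLES = {
    "real HEAD":      (200, "ref: refs/heads/master\n"),
    "detached HEAD":  (200, "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"),
    "SPA fallback":   (200, "<!DOCTYPE html><html><body>app</body></html>"),
    "after nginx":    (404, ""),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(f"{sys.argv[1]}: {check_site(sys.argv[1])}")
    for name, (status, body) in SAMPLES.items():
        print(f"{name:14s} -> {classify_git_head(status, body)}")
```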
Legal Disclaimer
This tool is for authorized security testing only. Only use on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal.
Author
Moovendhan V - CyberTechMind
License
MIT License - See LICENSE file for details
File details
Details for the file ctm_git_exposure_scanner-1.0.0.tar.gz.
File metadata
- Download URL: ctm_git_exposure_scanner-1.0.0.tar.gz
- Size: 12.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File details
Details for the file ctm_git_exposure_scanner-1.0.0-py3-none-any.whl.
File metadata
- Download URL: ctm_git_exposure_scanner-1.0.0-py3-none-any.whl
- Size: 11.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5