Skip to main content

A pure python implemented .git/ folder disclosure exploit

Project description PyPI - Python Version GitHub

Basically it an py3k version with own implemented Git objects parser for GitHack:

GitHack is a `.git` folder disclosure exploit.

Why another git dumper tool?

  • python 3.6+ support

  • pure-Python implementation without third-party dependencies

  • git database crawling support

  • zipapp mode support

How it works?

  • step 1: fetch metadata (eg. .git/{HEAD,index,config})

  • step 2: using commit objects as seed, crawling whole git database

  • step 3: parse index, then restore objects to source code


  • portable standalone

    > make zipapp

    > python githack.pyz

  • pip

    > pip install githack

    > githack

Project details

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page