A pure python implemented .git/ folder disclosure exploit
Project description
Basically it an py3k version with own implemented Git objects parser for GitHack:
GitHack is a `.git` folder disclosure exploit.
Why another git dumper tool?
python 3.6+ support
pure-Python implementation without third-party dependencies
git database crawling support
zipapp mode support
How it works?
step 1: fetch metadata (eg. .git/{HEAD,index,config})
step 2: using commit objects as seed, crawling whole git database
step 3: parse index, then restore objects to source code
Usage:
portable standalone
> make zipapp
> python githack.pyz http://example.com/.git
pip
> pip install githack
> githack http://example.com/.git