A powerful tool for scanning and cloning Git repositories with exposed .git/config files
Project description
GitSnipe
A powerful and flexible CLI tool to scan websites for exposed .git/config files, extract credentialed repository URLs, and clone repositories using Git or git-dumper. Designed for security researchers, penetration testers, and DevOps professionals.
🚀 Features
- Comprehensive Scanning:
Detect exposed.git/configfiles using advanced path and header bypass techniques. - Credential Extraction:
Identify and extract embedded credentials (tokens, usernames, passwords) from repository URLs. - Repository Cloning:
Clone repositories using standard Git or git-dumper for maximum compatibility. - Automated Analysis:
Analyze repository metadata, commit history, branches, tags, and structure. - Multi-format Input:
Accepts TXT, CSV, and JSON files with domain/URL lists (with or without ports). - Detailed Reporting:
Generates JSON and Markdown reports with scan and clone details. - Safe Credential Handling:
Redacts sensitive tokens in saved reports and prompts before using high-privilege credentials. - Batch Processing:
Scan and clone from single URLs or large input files. - Rich CLI Output:
Uses Rich for beautiful, informative terminal output.
📦 Installation
pip install gitsnipe
Or install from source:
git clone https://github.com/ishanoshada/GitSnipe
cd GitSnipe
pip install -e .
Requirements
- Python 3.7+
- git-dumper (
pip install git-dumper) - Git client installed and available in PATH
🛠️ Usage
Basic Scan
gitsnipe https://example.com
Batch Scan
gitsnipe -i domain_ports.txt
Advanced Options
gitsnipe [URL] [-i INPUT_FILE] [-o OUTPUT_DIR] [-f] [--clone]
Arguments
url: Website URL to scan (e.g.,https://example.com)-i, --input-file: File containing URLs/domains to scan (.txt,.csv,.json)-o, --output-dir: Directory for scan results and cloned repositories-f, --force: Overwrite existing clone directories--clone: Skip scanning and attempt direct cloning (useful if you already know the repo is exposed)
Examples
# Scan a single URL
gitsnipe https://example.com
# Scan multiple URLs from a file
gitsnipe -i domain_ports.txt -o output_dir
# Force overwrite existing directories during clone
gitsnipe https://example.com -f --clone
# Save results to a custom output directory
gitsnipe https://example.com -o /path/to/output
📂 Output Structure
output_dir/
├── scan_results/
│ └── scan_result_YYYYMMDD_HHMMSS.json
└── cloned_repos/
└── repository_name/
├── .git/
├── .clone_info.json
└── CLONE_INFO.md
- scan_results/: JSON files with detailed scan summaries.
- cloned_repos/: Each cloned repository with metadata and Markdown report.
🔒 Security Notes
- Credentials are redacted in saved reports.
- Prompts for confirmation before using high-privilege tokens.
- Designed for responsible security testing—do not use on systems you do not own or have explicit permission to test.
🧩 Features in Detail
Git Config Detection
- Multiple path and header bypass strategies for WAF/IDS evasion.
- Advanced response and redirect analysis.
- Supports explicit port numbers and non-standard domains.
Credential Analysis
- Detects and classifies tokens (GitHub, GitLab, Bitbucket, etc.).
- Assesses privilege level and security scope.
- Securely handles and redacts sensitive information.
Repository Analysis
- Extracts repository metadata (branches, tags, commit history).
- Calculates repository size and structure.
- Reports on untracked/dirty files.
Documentation & Reporting
- Generates Markdown and JSON reports for each clone.
- Summarizes scan results for batch operations.
- Easy integration with other tools and workflows.
⚠️ Error Handling
- Robust exception management and clear error messages.
- Handles network errors, permission issues, and malformed input gracefully.
- Continues batch scans even if some targets fail.
📜 License
MIT License
🤝 Contributing
Contributions are welcome! Please read the contribution guidelines before submitting pull requests or issues.
💬 Support
For issues, feature requests, or questions, please use the GitHub issue tracker.
⭐ Acknowledgements
Disclaimer:
This tool is for educational and authorized security testing purposes only. Always obtain proper permission before scanning or cloning repositories from third-party systems.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gitsnipe-1.0.1.tar.gz.
File metadata
- Download URL: gitsnipe-1.0.1.tar.gz
- Upload date:
- Size: 13.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5a181ee89acd70a0a895d30a9950fc731f44066c3afeb3cf979c84bcbbe520b9
|
|
| MD5 |
6e14a8407f722609011f8fbd93dc6f1d
|
|
| BLAKE2b-256 |
2aee8802ea9d0a3a0d865d117e699da20e1f19a0e130d5c3e35127e307ecb18c
|
File details
Details for the file gitsnipe-1.0.1-py3-none-any.whl.
File metadata
- Download URL: gitsnipe-1.0.1-py3-none-any.whl
- Upload date:
- Size: 11.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.23
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
325928bfe6f08a838fc65f46bf4513dc52f568ad6ff1740a97818c4e0a7d7350
|
|
| MD5 |
0852675e98e9ee0c0e731bfda3025571
|
|
| BLAKE2b-256 |
3d1d2b3429d6d3b57e78b94bb3e89ce52b48beab785cb4ba7df7ec49e917c9e7
|
