Git

If a .git directory is found in a web application, you can download all of its content using wget -r http://web.com/.git. Then you can see the changes made by using git diff.

The tools Git-Money, DVCS-Pillage and GitTools can be used to retrieve the content of a git directory.

The tool https://github.com/cve-search/git-vuln-finder can be used to search for CVEs and security vulnerability messages inside commit messages.

The tool https://github.com/michenriksen/gitrob searches for sensitive data in the repositories of an organisation and its employees.

Repo security scanner is a command-line tool written with a single goal: to help you discover GitHub secrets that developers accidentally exposed by pushing sensitive data. Like the others, it helps you find passwords, private keys, usernames, tokens and more.

TruffleHog searches through GitHub repositories and digs through the commit history and branches, looking for accidentally committed secrets.
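The history-scanning idea described above can be sketched for auditing a repository you maintain. This is an added example, not code from TruffleHog or any tool listed here; the rule names, the entropy cut-off, and the sample log (made-up hashes and credentials) are assumptions. It shows why a secret deleted in a later commit is still reported: the commit that added it remains in history.

```python
import math
import re
from collections import Counter

RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.5  # bits/char; cut-off and rule names are assumptions

# Constructed sample shaped like `git log -p --all --format='commit %H'`.
SAMPLE_LOG = f"""commit {'2' * 40}
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
-API_TOKEN = "q8Zr2LwX9vTn4KbY7mPd3HsJ6cFg"
 DEBUG = True
commit {'1' * 40}
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,3 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "q8Zr2LwX9vTn4KbY7mPd3HsJ6cFg"
+DEBUG = True
"""

def entropy(s):  # Shannon entropy in bits per character
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_log(log_text):
    """Return (commit, path, rule) for each suspicious line added in history."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):  # new-side file header of a diff
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):  # added line: match rules, then entropy
            hits = [name for name, rx in RULES.items() if rx.search(line)]
            if any(entropy(t) > ENTROPY_THRESHOLD for t in TOKEN.findall(line[1:])):
                hits.append("high-entropy-string")
            findings += [(commit, path, rule) for rule in hits]
    return findings

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

Any hit means the credential should be rotated, since removing it from the current tree does not remove it from the history that a copy of the .git directory contains.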

Here you can find a study about GitHub dorks: https://securitytrails.com/blog/github-dorks
