├── README.md
└── Gitrive.yaml


/README.md:
--------------------------------------------------------------------------------
💡 How This Template Works

Targets the .git/ directory and important files inside it:

.git/HEAD: Reveals the current branch name.
.git/config: Contains remote repository information.
.git/index: Can leak file paths.
.git/logs/HEAD: Tracks commit history.
.git/refs/heads/master / .git/refs/heads/main: Exposes active branch references.

Uses matchers to confirm exposure (HTTP 200 together with one of the body markers below):
Checks for ref: refs/heads/ (indicating a valid Git reference).
Looks for [core] in .git/config (Git configuration).
Extracts branch names if .git/HEAD is exposed.

--------------------------------------------------------------------------------
/Gitrive.yaml:
--------------------------------------------------------------------------------
id: Gitrive

info:
  name: Git Repository Exposure
  author: KunAl
  severity: high
  description: |
    Detects exposed .git directories or files that could lead to sensitive information leakage.
  tags: git,exposure,leak

requests:
  - method: GET
    path:
      # The variable name is case-sensitive: {{BaseURL}}, not {{BaseUrl}}
      - "{{BaseURL}}/.git/"
      - "{{BaseURL}}/.git/HEAD"
      - "{{BaseURL}}/.git/config"
      - "{{BaseURL}}/.git/index"
      - "{{BaseURL}}/.git/logs/HEAD"
      - "{{BaseURL}}/.git/refs/heads/master"
      - "{{BaseURL}}/.git/refs/heads/main"

    # Require both matchers; with the default (or), any 200 response would be reported
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "ref: refs/heads/"  # Matches .git/HEAD content
          - "\\[core\\]"        # Matches .git/config content

      - type: status
        status:
          - 200  # A successful response indicates exposure

    extractors:
      - type: regex
        part: body
        group: 1  # Return only the captured branch name, not the whole match
        regex:
          - "(?i)ref: refs/heads/([\\w-]+)"  # Extracts the branch name from .git/HEAD

--------------------------------------------------------------------------------
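
Added example (not part of the Gitrive repository): a Python check that validates each response body against the expected shape of the Git file requested, so a host that answers every URL with 200 is not reported as exposed. The helper names and the sample responses are constructed for illustration.

```python
import re

# Object id: 40 hex chars (SHA-1) or 64 (SHA-256 repositories).
SHA = rb"[0-9a-f]{40}(?:[0-9a-f]{24})?"
HEAD_REF = re.compile(rb"ref: refs/heads/(\S+)\s*")
BARE_SHA = re.compile(SHA + rb"\s*")

def _is_ref(body):
    return BARE_SHA.fullmatch(body) is not None

# One shape check per file path requested by the template (hypothetical helper table).
CHECKS = {
    ".git/HEAD": lambda b: HEAD_REF.fullmatch(b) is not None or _is_ref(b),  # symbolic or detached
    ".git/config": lambda b: re.search(rb"^\[core\]", b, re.M) is not None,
    ".git/index": lambda b: b[:4] == b"DIRC",  # index file signature
    ".git/logs/HEAD": lambda b: re.match(SHA + rb" " + SHA + rb" ", b) is not None,  # reflog line
    ".git/refs/heads/master": _is_ref,
    ".git/refs/heads/main": _is_ref,
}

def confirm_exposure(path, status, body):
    """True only if the status is 200 AND the body looks like that Git file."""
    check = CHECKS.get(path.lstrip("/"))
    return status == 200 and check is not None and check(body)

def branch_from_head(body):
    """Branch name from a symbolic HEAD; keeps '/' and '.', unlike [\\w-]+."""
    m = HEAD_REF.fullmatch(body)
    return m.group(1).decode() if m else None

# Constructed sample responses: (path, status, body).
SAMPLES = [
    (".git/HEAD", 200, b"ref: refs/heads/feature/login-v2\n"),
    (".git/config", 200, b"[core]\n\trepositoryformatversion = 0\n"),
    (".git/index", 200, b"DIRC\x00\x00\x00\x02\x00\x00\x00\x01"),
    (".git/logs/HEAD", 200, b"0" * 40 + b" " + b"a" * 40
     + b" Dev <dev@example.com> 1700000000 +0000\tcommit (initial): init\n"),
    (".git/index", 200, b"<html><body>Page not found</body></html>"),  # soft 404
    (".git/config", 403, b"[core]\n"),  # blocked by the server
]

def run_samples():
    return [confirm_exposure(p, s, b) for p, s, b in SAMPLES]

if __name__ == "__main__":
    for (p, s, _), ok in zip(SAMPLES, run_samples()):
        print(f"{p:<18} {s} exposed={ok}")
    print("branch:", branch_from_head(SAMPLES[0][2]))
```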