├── CHANGELOG.md ├── LICENSE.md ├── README.md ├── gitscanner.sh └── img ├── .gitkeep ├── 1-gitscanner.PNG ├── 2-gitscanner.PNG ├── 3-gitscanner.PNG ├── 4-gitscanner.PNG ├── 5-gitscanner.PNG └── 6-gitscanner.PNG /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](http://keepachangelog.com/) 5 | 6 | ## [1.0.1#beta] - 2020-05-17 7 | - ```Initial Commit``` 8 | - Codename ```Nezuko``` Released 9 | ## [1.0.2#beta] - 2020-05-20 10 | - ```Commit``` 11 | - Codename ```Assassin Actual``` Released (Generation Kill FTW!!!) 12 | - ```Fixing``` 13 | - Mass Dumper : Added Queue, So when mass dumper loops, the dump process will not stop on the second task. 14 | - Dump Function : Change the dump process to a function so it will be much simpler and not wasting of spaces. 15 | - ```Update``` 16 | - Menu are changed, choosing not so many colors. 17 | - Added File Checking, it will thrown error if the file doesn't exist your didn't provide any filename. 18 | - Added Validity Checking for URL, All url that will be inputed must start with ```https://``` or ```http://``` (it will not gonna work when using with `www.example.com` as the format), it will thrown error if the url didn't follow the format or you didn't provide any url. 19 | - Added Extractor (`Experimental`). 20 | - Added Dump Only option, this option created for the `Maybe Vuln` scan results or a target that had `Directory Listing` disabled or etc. 21 | - On every end of the dump process, it will run ```git checkout .``` automatically on the destination folder. This will feature is on whether mass target or single target selected. 22 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Highlander Subaron 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Git Scanner Framework 2 | [![License](https://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://github.com/HightechSec/git-scanner/blob/master/LICENSE.md) 3 | ![Build](https://img.shields.io/badge/Supported_OS-Linux-yellow.svg?style=flat) 4 | ![Build](https://img.shields.io/badge/Supported_WSL-Windows-blue.svg?style=flat) 5 | ![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/HightechSec/git-scanner) 6 | ![GitHub repo size](https://img.shields.io/github/repo-size/HightechSec/git-scanner) 7 | ![GitHub last commit](https://img.shields.io/github/last-commit/HightechSec/git-scanner) 8 | ![GitHub stars](https://img.shields.io/github/stars/HightechSec/git-scanner) 9 | ![GitHub pull requests](https://img.shields.io/github/issues-pr/HightechSec/git-scanner) 10 | ![GitHub forks](https://img.shields.io/github/forks/HightechSec/git-scanner) 11 | ![GitHub issues](https://img.shields.io/github/issues/HightechSec/git-scanner) 12 | ![GitHub watchers](https://img.shields.io/github/watchers/HightechSec/git-scanner) 13 | 14 | This tool can scan websites with open ```.git``` repositories for `Bug Hunting`/ `Pentesting Purposes` and can dump the content of the ```.git``` repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list. 15 | 16 | 17 | ## Installation 18 | ``` 19 | - git clone https://github.com/HightechSec/git-scanner 20 | - cd git-scanner 21 | - bash gitscanner.sh 22 | ``` 23 | or you can install in your system like this 24 | ``` 25 | - git clone https://github.com/HightechSec/git-scanner 26 | - cd git-scanner 27 | - sudo cp gitscanner.sh /usr/bin/gitscanner && sudo chmod +x /usr/bin/gitscanner 28 | - $ gitscanner 29 | ``` 30 | ## Usage 31 | - Menu's 32 | - Menu `1` is for scanning and dumping git repositories from a provided file that contains the `list of the target url` or a provided `single target url`. 33 | - Menu `2` is for scanning only a git repositories from a provided file that contains the `list of the target url` or a provided `single target url`. 34 | - Menu `3` is for Dumping only the git repositories from a provided file that contains `list of the target url` or a provided `single target url`. This will work for the `Maybe Vuln` Results or sometimes with a repository that had directory listing disabled or maybe had a `403 Error Response`. 35 | - Menu `4` is for Extracting files only from a Folder that had .git Repositories to a destination folder 36 | - URL Format 37 | - Use ```http://``` like ```http://example.com``` or ```https://``` like ```https://example.com``` for the url formatting 38 | - Make sure use this format in the files that contains the list of possible target that you have, Example: 39 | - https://target.com 40 | - http://hackerone.com 41 | - https://bugcrowd.com 42 | - Extractor 43 | - When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the `Selected git repository` and the second option is for inputing the `Destination folder` 44 | 45 | ## Requirements 46 | * curl 47 | * bash 48 | * git 49 | * sed 50 | 51 | ## Todos 52 | - Creating a `Docker Images` if it's possible 53 | - ~~Adding Extractor on the next Version~~ Added in version 1.0.2#beta but still experimental. 54 | - Adding ~~Thread Processing~~ Multi Processing (`Bash doesn't Support Threading`) 55 | 56 | ## Changelog 57 | All notable changes to this project listed in this [file](https://github.com/HightechSec/git-scanner/blob/master/CHANGELOG.md) 58 | 59 | # Credits 60 | Thanks to: 61 | - [GitTools](https://github.com/internetwache/GitTools) by [internetwache](https://github.com/internetwache/) 62 | - [Mass Git Scanner](https://github.com/Adelittle/Mass_Git_Scanner/) by [Ade Little](https://github.com/Adelittle/) 63 | -------------------------------------------------------------------------------- /gitscanner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Colors variabel 3 | NC='\033[0m' 4 | RED='\033[1;38;5;196m' 5 | GREEN='\033[1;38;5;040m' 6 | ORANGE='\033[1;38;5;202m' 7 | BLUE='\033[1;38;5;012m' 8 | BLUE2='\033[1;38;5;032m' 9 | PINK='\033[1;38;5;013m' 10 | GRAY='\033[1;38;5;004m' 11 | NEW='\033[1;38;5;154m' 12 | YELLOW='\033[1;38;5;214m' 13 | CG='\033[1;38;5;087m' 14 | CP='\033[1;38;5;221m' 15 | CPO='\033[1;38;5;205m' 16 | CN='\033[1;38;5;247m' 17 | CNC='\033[1;38;5;051m' 18 | 19 | #Env 20 | regex='^(https?)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$' 21 | LINK='https://github.com/HightechSec/' 22 | 23 | #Banner and version 24 | Codename='Assassin Actual' 25 | Vers=1.0.2#beta 26 | function banner(){ 27 | echo -e ${CP}" ___ ___ __ _ _ __ _ __ ___ _ __ " 28 | echo -e ${CP}"/ __|/ __/ _' | '_ \| '_ \ / _ \ '__| " 29 | echo -e ${CP}"\__ \ (_| (_| | | | | | | | __/ | " 30 | echo -e ${CP}"|___/\___\__,_|_| |_|_| |_|\___|_| " 31 | echo -e "${BLUE2}A Framework for Scanning and Dumping" 32 | echo -e " ${BLUE2}Exposed Git Repository" 33 | } 34 | #Main Menu 35 | function Main_Menu(){ 36 | clear 37 | banner 38 | echo "" 39 | echo -e "${CN}Author : ${BLUE}Hightech ($LINK)" 40 | echo -e "${CN}Codename : ${CPO}${Codename}" 41 | echo -e "${CN}Version : ${BLUE}${Vers}" 42 | echo "" 43 | echo -e " ${NC}[${CG}"1"${NC}]${CNC} Scanner and Dumper Menu" 44 | echo -e " ${NC}[${CG}"2"${NC}]${CNC} Scanner only Menu" 45 | echo -e " ${NC}[${CG}"3"${NC}]${CNC} Dump only Menu" 46 | echo -e " ${NC}[${CG}"4"${NC}]${CNC} Extractor" 47 | echo -e " ${NC}[${CG}"5"${NC}]${CNC} Exit" 48 | 49 | echo "" 50 | echo -ne "${YELLOW}Input your choice: "; tput sgr0 51 | read GIT 52 | #Menu Function 53 | if test "$GIT" == '1' 54 | then 55 | ScanDumpMenu 56 | elif test "$GIT" == '2' 57 | then 58 | ScanMenu 59 | elif test "$GIT" == '3' 60 | then 61 | DumpMenu 62 | elif test "$GIT" == '4' 63 | then 64 | extractmenu 65 | elif test "$GIT" == '5' 66 | then 67 | exit 68 | else 69 | Main_Menu 70 | fi 71 | } 72 | #Dumper Function 73 | function dumpstart(){ 74 | GITDIR=.git 75 | BASEGITDIR="$BASEDIR/$GITDIR/"; 76 | QUEUE=(); 77 | DUMPED=(); 78 | 79 | if [ ! -d "$BASEGITDIR" ]; then 80 | echo -e "${PINK}[*] Destination folder does not exist"; 81 | echo -e "${PINK}[+] Creating $BASEGITDIR"; 82 | mkdir -p "$BASEGITDIR"; 83 | fi 84 | function start_download(){ 85 | QUEUE+=('HEAD') 86 | QUEUE+=('objects/info/packs') 87 | QUEUE+=('description') 88 | QUEUE+=('config') 89 | QUEUE+=('COMMIT_EDITMSG') 90 | QUEUE+=('index') 91 | QUEUE+=('packed-refs') 92 | QUEUE+=('refs/heads/master') 93 | QUEUE+=('refs/remotes/origin/HEAD') 94 | QUEUE+=('refs/stash') 95 | QUEUE+=('logs/HEAD') 96 | QUEUE+=('logs/refs/heads/master') 97 | QUEUE+=('logs/refs/remotes/origin/HEAD') 98 | QUEUE+=('info/refs') 99 | QUEUE+=('info/exclude') 100 | 101 | while [ ${#QUEUE[*]} -gt 0 ] 102 | do 103 | download_item ${QUEUE[@]:0:1} 104 | QUEUE=( "${QUEUE[@]:1}" ) 105 | done 106 | } 107 | function download_item() { 108 | local objname=$1 109 | local url="$SITE/.git/$objname" 110 | local hashes=() 111 | local packs=() 112 | 113 | if [[ " ${DUMPED[@]} " =~ " ${objname} " ]]; then 114 | return 115 | fi 116 | local target="$BASEGITDIR$objname" 117 | 118 | dir=$(echo "$objname" | grep -oE "^(.*)/") 119 | if [ $? -ne 1 ]; then 120 | mkdir -p "$BASEGITDIR/$dir" 121 | fi 122 | 123 | curl -L -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" -f -k -s "$url" -o "$target" 124 | 125 | DUMPED+=("$objname") 126 | if [ ! -f "$target" ]; then 127 | echo -e "${RED}[-] Dumped: $objname" 128 | return 129 | fi 130 | echo -e "${NEW}[+] Dumped: $objname" 131 | 132 | if [[ "$objname" =~ /[a-f0-9]{2}/[a-f0-9]{38} ]]; then 133 | cwd=$(pwd) 134 | cd "$BASEDIR" 135 | 136 | hash=$(echo "$objname" | sed -e 's~objects~~g' | sed -e 's~/~~g') 137 | 138 | type=$(git cat-file -t "$hash" 2> /dev/null) 139 | if [ $? -ne 0 ]; then 140 | cd "$cwd" 141 | rm "$target" 142 | return 143 | fi 144 | 145 | if [[ "$type" != "blob" ]]; then 146 | hashes+=($(git cat-file -p "$hash" | grep -oE "([a-f0-9]{40})")) 147 | else 148 | hashes+=($(git cat-file -p "$hash" | strings -a | grep -oE "([a-f0-9]{40})")) 149 | fi 150 | 151 | cd "$cwd" 152 | fi 153 | 154 | hashes+=($(cat "$target" | strings -a | grep -oE "([a-f0-9]{40})")) 155 | for hash in ${hashes[*]} 156 | do 157 | QUEUE+=("objects/${hash:0:2}/${hash:2}") 158 | done 159 | 160 | packs+=($(cat "$target" | strings -a | grep -oE "(pack\-[a-f0-9]{40})")) 161 | for pack in ${packs[*]} 162 | do 163 | QUEUE+=("objects/pack/$pack.pack") 164 | QUEUE+=("objects/pack/$pack.idx") 165 | done 166 | 167 | } 168 | function extractor(){ 169 | cd $BASEDIR 170 | git checkout . 171 | } 172 | start_download && extractor 173 | } 174 | function extract() { 175 | sour="$SOURCE"; 176 | targ="$TARGET"; 177 | 178 | if [ ! -d "$SOURCE/.git" ]; then 179 | echo -e "${RED}[-] There's no .git folder"; 180 | exit 1; 181 | fi 182 | 183 | if [ ! -d "$TARGET" ]; then 184 | echo -e "${NEW}Destination folder does not exist"; 185 | echo -e "${NEW}Creating..." 186 | mkdir "$TARGET"; 187 | fi 188 | 189 | function traverse_tree() { 190 | local tree=$1 191 | local path=$2 192 | 193 | #Read blobs/tree information from root tree 194 | git ls-tree $tree | 195 | while read leaf; do 196 | type=$(echo $leaf | awk -F' ' '{print $2}') #grep -oP "^\d+\s+\K\w{4}"); 197 | hash=$(echo $leaf | awk -F' ' '{print $3}') #grep -oP "^\d+\s+\w{4}\s+\K\w{40}"); 198 | name=$(echo $leaf | awk '{$1=$2=$3=""; print substr($0,4)}') #grep -oP "^\d+\s+\w{4}\s+\w{40}\s+\K.*"); 199 | 200 | # Get the blob data 201 | git cat-file -e $hash; 202 | #Ignore invalid git objects (e.g. ones that are missing) 203 | if [ $? -ne 0 ]; then 204 | continue; 205 | fi 206 | 207 | if [ "$type" = "blob" ]; then 208 | echo -e "${NEW}[+] Found file: $path/$name" 209 | git cat-file -p $hash > "$path/$name" 210 | else 211 | echo -e "${NEW}[+] Found folder: $path/$name" 212 | mkdir -p "$path/$name"; 213 | #Recursively traverse sub trees 214 | traverse_tree $hash "$path/$name"; 215 | fi 216 | 217 | done; 218 | } 219 | 220 | function traverse_commit() { 221 | local base=$1 222 | local commit=$2 223 | local count=$3 224 | 225 | #Create folder for commit data 226 | echo -e "${NEW}[+] Found commit: $commit"; 227 | path="$base/$count-$commit" 228 | mkdir -p $path; 229 | #Add meta information 230 | git cat-file -p "$commit" > "$path/commit-meta.txt" 231 | #Try to extract contents of root tree 232 | traverse_tree $commit $path 233 | } 234 | 235 | #Current directory as we'll switch into others and need to restore it. 236 | OLDDIR=$(pwd) 237 | TARGETDIR=$TARGET 238 | COMMITCOUNT=0; 239 | 240 | #If we don't have an absolute path, add the prepend the CWD 241 | if [ "${TARGETDIR:0:1}" != "/" ]; then 242 | TARGETDIR="$OLDDIR/$TARGET" 243 | fi 244 | 245 | cd $SOURCE 246 | 247 | #Extract all object hashes 248 | find ".git/objects" -type f | 249 | sed -e "s/\///g" | 250 | sed -e "s/\.gitobjects//g" | 251 | while read object; do 252 | 253 | type=$(git cat-file -t $object) 254 | 255 | # Only analyse commit objects 256 | if [ "$type" = "commit" ]; then 257 | CURDIR=$(pwd) 258 | traverse_commit "$TARGETDIR" $object $COMMITCOUNT 259 | cd $CURDIR 260 | 261 | COMMITCOUNT=$((COMMITCOUNT+1)) 262 | fi 263 | 264 | done; 265 | 266 | cd $OLDDIR; 267 | } 268 | #Menu Scan&Dump 269 | function ScanDumpMenu(){ 270 | clear 271 | banner 272 | echo "" 273 | echo -e " ${CNC}Scan & Dump Menu" 274 | 275 | echo -e " ${NC}[${CG}"1"${NC}]${CNC} Scanner and Dumper for Mass Target" 276 | echo -e " ${NC}[${CG}"2"${NC}]${CNC} Scanner and Dumper Single Target" 277 | echo -e " ${NC}[${CG}"3"${NC}]${CNC} Back to Main menu" 278 | echo -e " ${NC}[${CG}"4"${NC}]${CNC} Exit" 279 | 280 | echo "" 281 | echo -ne "${YELLOW}Input your choice: "; tput sgr0 282 | read scandump 283 | #Menu Function 284 | if test "$scandump" == '1' 285 | then 286 | mass_sdump 287 | elif test "$scandump" == '2' 288 | then 289 | single_sdump 290 | elif test "$scandump" == '3' 291 | then 292 | Main_Menu 293 | elif test "$scandump" == '4' 294 | then 295 | exit 296 | else 297 | ScanDumpMenu 298 | fi 299 | } 300 | function mass_sdump(){ 301 | echo -ne "${YELLOW}Input your file (ex: /path/to/file.txt): "; tput sgr0 302 | read LISTS 303 | if [[ -f ${LISTS} ]]; then 304 | echo -e "${GREEN}SUCCESS: File Loaded!" 305 | else : 306 | echo -e "${RED}ERROR: File not found!" 307 | mass_sdump 308 | return 1 309 | fi 310 | clear 311 | for SITE in $(cat $LISTS); 312 | do 313 | echo "" 314 | echo -e "${PINK}Scan & Dump process started..." 315 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 316 | if [[ ${SITE} =~ $regex ]]; then 317 | : 318 | else : 319 | echo -e "${RED}ERROR: Not a Valid URL" 320 | continue 321 | fi 322 | if [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" ) =~ 'Index of /.git' ]]; then 323 | echo -e "${GREEN}[+] VULN:${BLUE} ${SITE}" 324 | echo -ne "${YELLOW}Input your destination folder: "; tput sgr0 325 | read BASEDIR 326 | dumpstart 327 | elif [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" -w %{http_code} -o /dev/null ) =~ '403' ]]; then 328 | echo -e "${ORANGE}[+] MAYBE VULN:${BLUE} ${SITE}" 329 | else : 330 | echo -e "${RED}[+] NOT VULN:${BLUE} ${SITE}" 331 | fi 332 | done 333 | } 334 | function single_sdump(){ 335 | echo "" 336 | echo -ne "${YELLOW}Input your target (ex: http://example.com): "; tput sgr0 337 | read SITE 338 | if [[ ${SITE} =~ $regex ]]; then 339 | : 340 | else : 341 | echo -e "${RED}ERROR: ${SITE} is not a Valid URL" 342 | single_sdump 343 | return 1 344 | fi 345 | clear 346 | echo "" 347 | echo -e "${PINK}Scan & Dump process started..." 348 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 349 | if [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" ) =~ 'Index of /.git' ]]; then 350 | echo -e "${GREEN}[+] VULN:${BLUE} ${SITE}" 351 | echo -ne "${YELLOW}Input your destination folder: "; tput sgr0 352 | read BASEDIR 353 | dumpstart 354 | elif [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" -w %{http_code} -o /dev/null ) =~ '403' ]]; then 355 | echo -e "${ORANGE}[+] MAYBE VULN:${BLUE} ${SITE}" 356 | else : 357 | echo -e "${RED}[+] NOT VULN:${BLUE} ${SITE}" 358 | fi 359 | } 360 | #Menu Scan 361 | function ScanMenu(){ 362 | clear 363 | banner 364 | echo "" 365 | echo -e " ${CNC}Scanner Menu" 366 | echo -e " ${NC}[${CG}"1"${NC}]${CNC} Scanner for Mass Target" 367 | echo -e " ${NC}[${CG}"2"${NC}]${CNC} Scanner for Single Target" 368 | echo -e " ${NC}[${CG}"3"${NC}]${CNC} Back to Main menu" 369 | echo -e " ${NC}[${CG}"4"${NC}]${CNC} Exit" 370 | 371 | echo "" 372 | echo -ne "${YELLOW}Input your choice: "; tput sgr0 373 | read scan 374 | #Menu Function 375 | if test "$scan" == '1' 376 | then 377 | mass_scan 378 | elif test "$scan" == '2' 379 | then 380 | single_scan 381 | elif test "$scan" == '3' 382 | then 383 | Main_Menu 384 | elif test "$scan" == '4' 385 | then 386 | exit 387 | else 388 | ScanMenu 389 | fi 390 | } 391 | function mass_scan(){ 392 | echo -ne "${YELLOW}Input your file (ex: /path/to/file.txt): "; tput sgr0 393 | read LISTS 394 | if [[ -f ${LISTS} ]]; then 395 | echo -e "${GREEN}SUCCESS: File Loaded!" 396 | else : 397 | echo -e "${RED}ERROR: ${LISTS} not found!" 398 | mass_scan 399 | return 1 400 | fi 401 | clear 402 | for SITE in $(cat $LISTS); 403 | do 404 | echo "" 405 | echo -e "${PINK}Scanning process started..." 406 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 407 | if [[ ${SITE} =~ $regex ]]; then 408 | : 409 | else : 410 | echo -e "${RED}ERROR: Not a Valid URL" 411 | continue 412 | fi 413 | if [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" ) =~ 'Index of /.git' ]]; then 414 | echo -e "${GREEN}[+] VULN:${BLUE} ${SITE}" 415 | elif [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" -w %{http_code} -o /dev/null ) =~ '403' ]]; then 416 | echo -e "${ORANGE}[+] MAYBE VULN:${BLUE} ${SITE}" 417 | else : 418 | echo -e "${RED}[+] NOT VULN:${BLUE} ${SITE}" 419 | fi 420 | done 421 | } 422 | function single_scan(){ 423 | echo "" 424 | echo -ne "${YELLOW}Input your target (ex: http://example.com): "; tput sgr0 425 | read SITE 426 | if [[ ${SITE} =~ $regex ]]; then 427 | : 428 | else : 429 | echo -e "${RED}ERROR: ${SITE} is not a Valid URL" 430 | single_scan 431 | return 1 432 | fi 433 | clear 434 | echo "" 435 | echo -e "${PINK}Scanning process started..." 436 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 437 | if [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" ) =~ 'Index of /.git' ]]; then 438 | echo -e "${GREEN}[+] VULN:${BLUE} ${SITE}" 439 | elif [[ $(curl -s -m 3 -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "${SITE}/.git/" -w %{http_code} -o /dev/null ) =~ '403' ]]; then 440 | echo -e "${ORANGE}[+] MAYBE VULN:${BLUE} ${SITE}" 441 | else : 442 | echo -e "${RED}[+] NOT VULN:${BLUE} ${SITE}" 443 | fi 444 | } 445 | #Menu dump 446 | function DumpMenu(){ 447 | clear 448 | banner 449 | echo "" 450 | echo -e " ${CNC}Dumper Menu" 451 | echo -e " ${NC}[${CG}"1"${NC}]${CNC} Dumper for Mass Target" 452 | echo -e " ${NC}[${CG}"2"${NC}]${CNC} Dumper for Single Target" 453 | echo -e " ${NC}[${CG}"3"${NC}]${CNC} Back to Main menu" 454 | echo -e " ${NC}[${CG}"4"${NC}]${CNC} Exit" 455 | 456 | echo "" 457 | echo -ne "${YELLOW}Input your choice: "; tput sgr0 458 | read dump 459 | #Menu Function 460 | if test "$dump" == '1' 461 | then 462 | mass_dump 463 | elif test "$dump" == '2' 464 | then 465 | single_dump 466 | elif test "$dump" == '3' 467 | then 468 | Main_Menu 469 | elif test "$dump" == '4' 470 | then 471 | exit 472 | else 473 | DumpMenu 474 | fi 475 | } 476 | function mass_dump(){ 477 | echo -ne "${YELLOW}Input your file (ex: /path/to/file.txt): "; tput sgr0 478 | read LISTS 479 | if [[ -f ${LISTS} ]]; then 480 | echo -e "${GREEN}SUCCESS: File Loaded!" 481 | else : 482 | echo -e "${RED}ERROR: File not found!" 483 | mass_dump 484 | return 1 485 | fi 486 | clear 487 | for SITE in $(cat $LISTS); 488 | do 489 | echo "" 490 | echo -e "${PINK}Dumping process started..." 491 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 492 | if [[ ${SITE} =~ $regex ]]; then 493 | : 494 | else : 495 | echo -e "${RED}ERROR: Not a Valid URL" 496 | continue 497 | fi 498 | echo -ne "${YELLOW}Input your destination folder: "; tput sgr0 499 | read BASEDIR 500 | dumpstart 501 | done 502 | } 503 | 504 | function single_dump(){ 505 | echo "" 506 | echo -ne "${YELLOW}Input your target (ex: http://example.com): "; tput sgr0 507 | read SITE 508 | if [[ ${SITE} =~ $regex ]]; then 509 | : 510 | else : 511 | echo -e "${RED}ERROR: ${SITE} is not a Valid URL" 512 | single_dump 513 | return 1 514 | fi 515 | clear 516 | echo "" 517 | echo -e "${PINK}Scanning process started..." 518 | echo -e "${PINK}Target: ${GRAY}${SITE}..." 519 | echo -ne "${YELLOW}Input your destination folder: "; tput sgr0 520 | read BASEDIR 521 | dumpstart 522 | } 523 | function extractmenu(){ 524 | echo -ne "${YELLOW}Input your git folder: "; tput sgr0 525 | read SOURCE 526 | echo -ne "${YELLOW}Input your extracted folder: "; tput sgr0 527 | read TARGET 528 | extract 529 | } 530 | Main_Menu 531 | -------------------------------------------------------------------------------- /img/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /img/1-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/1-gitscanner.PNG -------------------------------------------------------------------------------- /img/2-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/2-gitscanner.PNG -------------------------------------------------------------------------------- /img/3-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/3-gitscanner.PNG -------------------------------------------------------------------------------- /img/4-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/4-gitscanner.PNG -------------------------------------------------------------------------------- /img/5-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/5-gitscanner.PNG -------------------------------------------------------------------------------- /img/6-gitscanner.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HightechSec/git-scanner/47108dc073245e8c3b8a3bc93552543ae71a6354/img/6-gitscanner.PNG --------------------------------------------------------------------------------