ENNAENNA

git-dumper

MIT

๐Ÿ’ฅ Exploitation ยท Python

git-dumper downloads and reconstructs Git repositories from web servers where the .git directory is accidentally exposed. Many deployments leave .git accessible, exposing full source code, commit history, configuration files, and potentially credentials. git-dumper handles the complex process of downloading individual Git objects, reconstructing the pack files, and rebuilding a complete working repository. It supports recursive object resolution, handles missing objects gracefully, and works through redirects and basic authentication. A critical tool for web application pentesting where source code access dramatically accelerates vulnerability discovery.

2.5kstars
296forks
10issues
Updated 1mo ago
+I use this
View on GitHub

Installation

$ pip install git-dumper

Use Cases

  • Dumping exposed .git directories from web servers
  • Recovering full source code and commit history
  • Finding credentials in Git commit history
  • Source code review from accidentally exposed repositories

Tags

git-exposuresource-codeweb-exploitationinformation-disclosurerecongitsecurityweb

Details

Category
๐Ÿ’ฅ Exploitation
Language
Python
License
MIT
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/arthaud/git-dumper

Releases

github.com/arthaud/git-dumper/releases

Issues

github.com/arthaud/git-dumper/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

TruffleHog

Go

Find leaked credentials in Git repos, S3 buckets, and filesystems. Regex and entropy-based detection.

Compare git-dumper vs TruffleHog

Gitleaks

Go

Scan Git repos for hardcoded secrets like passwords, API keys, and tokens. CI/CD ready.

Compare git-dumper vs Gitleaks

SecretFinder

Python

Discover sensitive data like API keys, tokens, and credentials in JavaScript files.

Compare git-dumper vs SecretFinder

More in Exploitation

Metasploit Framework

Ruby

The world's most used penetration testing framework. Exploit development, payload delivery, post-exploitation.

exploitpayloadpost-exploitation

BloodHound

Go

Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.

active-directorygraphprivilege-escalation

Impacket

Python

Collection of Python classes for working with network protocols. Essential for Windows/AD pentesting.

smbactive-directoryprotocol

CrackMapExec

Python

Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.

active-directorysmblateral-movement

Evil-WinRM

Ruby

Ultimate WinRM shell for pentesting. Upload/download, in-memory PowerShell, DLL injection, pass-the-hash.

winrmpowershellpass-the-hash

Covenant

C#

.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.

c2red-teamdotnet