AI Summary: Gitjacker is a tool designed to retrieve git repositories and their contents from web servers where the .git directory has been unintentionally exposed. It effectively extracts repository data even when directory listings are disabled, making it suitable for educational purposes and penetration testing. Notable features include ease of installation via a simple script and the ability to operate in scenarios where access to traditional repository resources is restricted.

README

gitjacker

Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled.

For educational/penetration testing use only.

More information at https://liam-galvin.co.uk/security/2020/09/26/leaking-git-repos-from-misconfigured-sites.html

Installation

curl -s "https://raw.githubusercontent.com/liamg/gitjacker/master/scripts/install.sh" | bash

…or grab a precompiled binary.

You will need to have git installed to use Gitjacker.

In The News

• 20/06/21: Console 58 - Awesome newsletter featuring tools and beta releases for developers.
• 19/10/20: ZDNet Article - New Gitjacker tool lets you find .git folders exposed online