Git Pentesting

Git Commands for the Repository Investigation

Check Information

# Basic information
git show
git show <branch-name>
git show <commit-id>
git show <tag-name>
git --git-dir /path/to/.git show

# Configuration
git config --list

# Commit history
git log
git log --stat
git --git-dir /path/to/.git log --stat

# Compare the two commits
git diff
git diff --staged
git diff --cached

# Working tree status
git status

Back to the Previous Commits

# We can get the "commit-id" by 'git log'
git checkout <commit-id>
git --git-dir /path/to/.git checkout <commit-id>

# Return the recent commit
git checkout master
git checkout main

Search the Other Branches

For getting all branches.

git branch -a

Btw, for creating a new branch.

git branch new-branch

Clone the Repository

git clone https://github.com/username/repo.git

# via SSH
git clone ssh://git-user@10.0.0.1/path/to/repo
git clone ssh://git-user@10.0.0.1/path/to/repo.git

Find Tags

# List tags
git tag
git tag -l

# Show the contents of the specific tag
git show <tag-name>

Restore Deleted Files

First off, check deleted files.

git status

Then restore them.

git restore <a-deleted-file>

GitHub Dorks

Search Target Repository

You may be able to get the desired repository by searching in the Google.

The searching word is like " github".

Find Sensitive Data in the Repository

If you can access to the GitHub repository, research files and find the sensitive information. For example:

• Hard-coded contents

• Past commits

• Deleted files in past commits

• Commit messages

• Email address which may leak sensitive information about personal accounts

• Different branches

For more details, see the github-dorks{:target="_blank"}{:rel="noopener"}.

Find Email Address

1. Click the target repository.

2. Move to the commit history.

3. Click the commit and add “.patch” to the URL. For example:

   https://github.com/<username>/<repository>/commit/d4...ff54.patch

4. Check the “From” section in the page. You should find the email address of the commiter.