# Git Pentesting

### Git Commands for the Repository Investigation <a href="#git-commands-for-the-repository-investigation" id="git-commands-for-the-repository-investigation"></a>

#### Check Information <a href="#check-information" id="check-information"></a>

```shellscript
# Basic information
git show
git show <branch-name>
git show <commit-id>
git show <tag-name>
git --git-dir /path/to/.git show

# Configuration
git config --list

# Commit history
git log
git log --stat
git --git-dir /path/to/.git log --stat

# Compare working tree, index and HEAD (--staged and --cached are synonyms)
git diff
git diff --staged
git diff --cached

# Working tree status
git status
```

#### Back to the Previous Commits <a href="#back-to-the-previous-commits" id="back-to-the-previous-commits"></a>

```shellscript
# We can get the "commit-id" by 'git log'
git checkout <commit-id>
git --git-dir /path/to/.git checkout <commit-id>

# Return to the latest commit on the default branch
git checkout master
git checkout main
```

#### Search the Other Branches <a href="#search-the-other-branches" id="search-the-other-branches"></a>

To list all branches, including remote-tracking ones:

```shellscript
git branch -a
```

By the way, to create a new branch:

```shellscript
git branch new-branch
```

#### Clone the Repository <a href="#clone-the-repository" id="clone-the-repository"></a>

```shellscript
git clone https://github.com/username/repo.git

# via SSH
git clone ssh://git-user@10.0.0.1/path/to/repo
git clone ssh://git-user@10.0.0.1/path/to/repo.git
```

#### Find Tags <a href="#find-tags" id="find-tags"></a>

```shellscript
# List tags
git tag
git tag -l

# Show the contents of the specific tag
git show <tag-name>
```

#### Restore Deleted Files <a href="#restore-deleted-files" id="restore-deleted-files"></a>

First off, check which files are deleted in the working tree.

```shellscript
git status
```

Then restore them (by default `git restore` takes the copy from the index).

```shellscript
git restore <a-deleted-file>
```

### GitHub Dorks <a href="#github-dorks" id="github-dorks"></a>

#### Search Target Repository <a href="#search-target-repository" id="search-target-repository"></a>

You may be able to find the desired repository by searching on Google.

The search query looks like `"<target> github"`, where `<target>` is the organisation or product name.

#### Find Sensitive Data in the Repository <a href="#find-sensitive-data-in-the-repository" id="find-sensitive-data-in-the-repository"></a>

If you can access the GitHub repository, go through its files and look for sensitive information. For example:

* Hard-coded contents
* Past commits
* Deleted files in past commits
* Commit messages
* Email addresses that may leak sensitive information about personal accounts
* Different branches

For more details, see [github-dorks](https://github.com/techgaun/github-dorks).
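The leak sources listed above can be enumerated from a local clone in one pass. The functions below are an added example, not part of the original cheat sheet or of github-dorks; the function names are this example's own, and the only assumption is that `git` is installed and `$1` is the path of a cloned repository.

```shell
#!/bin/sh
# Added example: audit a local clone for the leak sources listed above.
# Assumes git is installed and $1 is a path to a cloned repository.

# Every branch, local and remote-tracking, one per line.
all_branches() {
    git -C "$1" branch -a --format='%(refname:short)'
}

# Files deleted anywhere in the history reachable from any branch, printed as
# "<deleting-commit> <path>". These are the "deleted files in past commits".
deleted_paths() {
    git -C "$1" log --all --diff-filter=D --name-only --format='commit %H' |
    awk '/^commit /{c=$2; next} NF{print c, $0}'
}

# Unique author e-mail addresses across all branches (what the ".patch" trick
# exposes one commit at a time).
author_emails() {
    git -C "$1" log --all --format='%ae' | sort -u
}

# Commit messages mentioning credential-like words, as a triage starting point.
suspicious_messages() {
    git -C "$1" log --all --format='%h %s' | grep -iE 'password|secret|token|key' || true
}

# Print a deleted file as it existed just before the commit that removed it.
# $2 is the deleting commit and $3 the path, both as printed by deleted_paths.
# (git restore alone cannot bring back a file deleted in a past commit.)
show_deleted() {
    git -C "$1" show "$2^:$3"
}
```

Run the functions against your own repositories before publishing them; a file that was "removed" in a later commit is still one `git show` away.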

#### Find Email Address <a href="#find-email-address" id="find-email-address"></a>

1. Click the target repository.
2. Move to the commit history.
3. Click the commit and add “.patch” to the URL. For example:

   ```
   https://github.com/<username>/<repository>/commit/d4...ff54.patch
   ```
4. Check the “From” line on the page. You should find the email address of the committer.
