🔍 Bug Bounty Tips: Exploiting .git File Disclosure for Fun & Profit
🚀 Introduction
When performing a penetration test, one of the most overlooked but critical misconfigurations is .git file disclosure. If a web server exposes the .git directory, attackers can extract sensitive information, including source code, credentials, and even security flaws. In this blog, we’ll explore how to identify, exploit, and mitigate this issue.
🎯 What is .git File Disclosure?
The .git directory is created when a project is initialized with Git. This directory stores all repository metadata, including commit history, branches, and configurations. If exposed, it can be fully downloaded by an attacker, leading to:
✅ Source code leakage
✅ Hardcoded secrets exposure (API keys, credentials)
✅ Discovery of security vulnerabilities
Many developers accidentally deploy .git directories on production servers, making them a prime target for attackers.
🔎 How to Detect .git Exposure?
To check if a website is exposing its .git repository, simply append /.git/ to the domain:
https://target.com/.git/If accessible, this indicates potential exposure. Another common test is checking for .git/config:
https://target.com/.git/configIf this file is accessible, you have file disclosure vulnerability! 🎯
🔥 Automated Tools
For a more thorough check, use GitTools:
git clone https://github.com/internetwache/GitTools.git
cd GitTools/Dumper
./gitdumper.sh https://target.com/.git/ output-folderThis tool downloads the exposed .git directory, allowing you to reconstruct the entire repository.
🛠️ Exploiting .git Disclosure
Once you’ve dumped the repository, navigate to the folder and check the commit history:
cd output-folder
git log --onelineLook for credentials using:
git log -p | grep -i "password"
git log -p | grep -i "secret"
git log -p | grep -i "api"
git log -p | grep -i "DBPassword"You might find hardcoded credentials or API keys that can be used for further exploitation.
Jackpot :P
🛡️ Mitigation & Fixes
To prevent .git exposure, follow these best practices:
1️⃣ Block access using .htaccess:
<DirectoryMatch "^/.*/\.git/">
Order deny,allow
Deny from all
</DirectoryMatch>2️⃣ Remove .git from production servers:
rm -rf .git3️⃣ Use .gitignore properly to prevent sensitive files from being pushed.
4️⃣ Monitor for exposed .git directories using tools like gitrob.
🏁 Conclusion
Exposed .git directories pose a serious security risk but are often overlooked. Ethical hackers and security professionals should always check for .git disclosures during penetration tests and help organizations secure their assets. 🚀
Have you ever found credentials in an exposed .git repo? Share your experience in the comments! 🕵️♂️
What do you think? Want me to refine it or add something else? 😊
