lijiejie / githack Goto Github PK

View Code? Open in Web Editor NEW

3.0K 87.0 772.0 16 KB

A `.git` folder disclosure exploit

Python 100.00%

githack's Introduction

GitHack

This is important

All users please git pull to update source code. (2022-05-09)

GitHack is a .git folder disclosure exploit.

It rebuild source code from .git folder while keep directory structure unchanged.

GitHack是一个.git泄露利用脚本，通过泄露的.git文件夹下的文件，重建还原工程源代码。

渗透测试人员、攻击者，可以进一步审计代码，挖掘：文件上传，SQL注射等web安全漏洞。

Change Log

2022-05-09: Bug fix, thanks @justinsteven .
2022-04-07：Fix arbitrary file write vulnerability. Thanks for @justinsteven 's bug report, it's very helpful.
2022-04-07：Add python3.x support

How It works

解析.git/index文件，找到工程中所有的： ( 文件名，文件sha1 )
去.git/objects/ 文件夹下下载对应的文件
zlib解压文件，按原始的目录结构写入源代码

Usage

python GitHack.py http://www.openssl.org/.git/

Thanks

Thanks for sbp's great work, I used his .git index parser gin - a Git index file parser.

githack's People

Contributors

Stargazers

Watchers

Forkers

xbzbing tdr130 l4inoday traceur findlakes nidongde hkuuki zhangqin qqshow withdrawn yocruzer codeguardian lockgit youmuyou znanl exiahan killvxk loveshell blueroutecn voilet kxcode giserh nootropics linxpsoft zavierxu arm13 flankerhqd jacobjacob mujiansu cvexva xi4oyu expdb2015 coosir youxianbo bigfool shellb0y shengqi158 actcms pmsky2008 flyr4nk tiebuchen tinynote brianwrf nx4dm1n googleask wljcom shiham101 quiteme fjxhkj 2089764 lightless233 arschlochnop thanatoskira trevor3000 rainism googleweb key20 ymero winkar sampr0 uppentest q3g sigma-random zhangyanyu isserene gamehacker pierre94 adra1n 360sec forname c3stbon keejiane aircrk debug0man dalufine chinalover hcxiong noscripter sdc1992 thisiseast uncia superman1982 nersle ph0enixxx hackendless sevck pekita1 b1gw00d bloodmarry12 fengxuangit ahmatjan jamalmo dreamcometure tanwy hellokuku gowabby monlone cyjaysun toughhou ho1mium

githack's Issues

HTTPS_SSL

import ssl
if hasattr(ssl, '_create_unverified_context'):
ssl._create_default_https_context = ssl._create_unverified_context

执行一段时间就会卡住貌似是多线程的问题

每次还原100来个文件之后就会卡住
win8.1 64位 Python 2.7.5

[Error] Error -3 while decompressing data: incorrect header check

这是为啥了？

it's can't run,please check it out

python

Python 2.7.18 (default, Apr 28 2021, 17:39:59)
[GCC 10.2.1 20210110] on linux2
Type "help", "copyright", "credits" or "license" for more information.

┌──(root💀kali)-[/opt/GitHack-master]
└─# python GitHack.py http://127.0.0.1:80/.git/
[+] Download and parse index file ...
Traceback (most recent call last):
File "GitHack.py", line 106, in
s = Scanner()
File "GitHack.py", line 36, in init
data = self._request_data(sys.argv[-1] + '/index')
File "GitHack.py", line 54, in _request_data
return urllib2.urlopen(request, context=context).read()
File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 435, in open
response = meth(req, response)
File "/usr/lib/python2.7/urllib2.py", line 548, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python2.7/urllib2.py", line 473, in error
return self._call_chain(*args)
File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 556, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 404: Not Found

Missing LICENSE?

First, the standard disclaimer: I am not a lawyer, and this does not constitute legal or financial advice.

Generally, IMHO, it is a good idea to use FSF or OSI Approved Licenses (which can be found here https://www.gnu.org/licenses/licenses.html and here http://opensource.org/licenses/category)

The Free Software Foundation has a useful guide for choosing a license: https://www.gnu.org/licenses/license-recommendations.html

I often reference the Software Freedom Law Center's Legal Primer for both practical and academic purposes (highly recommended): https://www.softwarefreedom.org/resources/2008/foss-primer.html#x1-60002.2

https://tldrlegal.com/ is quite a useful resource for comparing the various FOSS licenses out there once you have some context

To get ahold of actual lawyers/advisors who help FOSS projects, you can reach out to the FSF, SFLC, and OSI at:
[email protected]
[email protected]
[email protected]

Hope this helps, and happy hacking!

出现此错误该怎排除

Traceback (most recent call last):
File "GitHack.py", line 40, in
main()
File "GitHack.py", line 21, in main
init()
File "GitHack.py", line 35, in init
start()
File "/root/GitHack/lib/controler.py", line 21, in start
if method_a() or method_b() or method_c():
File "/root/GitHack/lib/controler.py", line 56, in method_c
clone_from_cache()
File "/root/GitHack/lib/git.py", line 116, in clone_from_cache
cache_objects()
File "/root/GitHack/lib/git.py", line 265, in cache_objects
for entry in parse_index(os.path.join(paths.GITHACK_DIST_TARGET_GIT_PATH, "index")):
File "/root/GitHack/lib/git.py", line 291, in parse_index
with open(filename, "rb") as o:
IOError: [Errno 2] No such file or directory: '/root/GitHack/dist/_____/.git/index'

GitHack处理之后，目标目录中无.git文件夹

CTHHub log题使用GitHack还原git历史
命令：

python GitHack.py http://challenge-378c7eae57fd469c.sandbox.ctfhub.com:10800/.git/

得到：

[+] Download and parse index file ...
[+] 50x.html
[+] index.html
[OK] index.html
[OK] 50x.html

按理说应该得到

[+] Download and parse index file ...
[+] 50x.html
[+] index.html
[ok] .git
[OK] index.html
[OK] 50x.html

结果没有.git文件夹，只恢复了源文件，没有恢复.git 无法进行git log查看，期待得到原因和解决方法

[+] Download and parse index file ...

[+] Download and parse index file ...
[ERROR] index file download failed: HTTP Error 404: Not Found

我第一次用的时候可以用，不知道为什么现在用了就4xx的错

Originally posted by @kaysinchin in #14 (comment)

404

E:\cybersecurityTOOL\GitHack-master>GitHack.py http://www.baidu.com/.git/
[+] Download and parse index file ...
[ERROR] index file download failed: HTTP Error 404: Not Found

python2废弃

什么时候这个工具能够用python3 重新写一遍啊

程序正常运行后目录也看见了

优化建议

建议增加参数：--threads 修改 thread_count 的值（有时候太快了会出被 ban 掉 IP）
建议增加参数：--proxy 一个好工具都有的功能
建议增加参数：--filter [正则表达式|文件前缀/后缀] 过滤一些没用的文件（比如一些静态文件 assert）

respect~