hacktricks/network-services-pentesting/pentesting-web/git.md

48 lines
4 KiB
Markdown
Raw Normal View History

2022-07-16 14:38:39 +00:00
# Git
2022-04-28 16:01:33 +00:00
<details>
2024-02-11 02:07:06 +00:00
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.
2022-04-28 16:01:33 +00:00
</details>
2024-02-11 02:07:06 +00:00
**Om 'n .git-vouer van 'n URL te dump, gebruik** [**https://github.com/arthaud/git-dumper**](https://github.com/arthaud/git-dumper)
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
**Gebruik** [**https://www.gitkraken.com/**](https://www.gitkraken.com/) **om die inhoud te ondersoek**
2022-07-16 14:40:47 +00:00
2024-02-11 02:07:06 +00:00
As 'n _.git_-gids gevind word in 'n webtoepassing, kan jy al die inhoud aflaai deur _wget -r http://web.com/.git_ te gebruik. Dan kan jy die veranderinge sien deur _git diff_ te gebruik.
2024-02-11 02:07:06 +00:00
Die gereedskap: [Git-Money](https://github.com/dnoiz1/git-money), [DVCS-Pillage](https://github.com/evilpacket/DVCS-Pillage) en [GitTools](https://github.com/internetwache/GitTools) kan gebruik word om die inhoud van 'n git-gids te herwin.
2024-02-11 02:07:06 +00:00
Die gereedskap [https://github.com/cve-search/git-vuln-finder](https://github.com/cve-search/git-vuln-finder) kan gebruik word om te soek na CVE's en sekuriteitskwesbaarheidsboodskappe binne in toewydingsboodskappe.
2024-02-11 02:07:06 +00:00
Die gereedskap [https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob) soek na sensitiewe data in die opgaarplekke van 'n organisasie en sy werknemers.
2024-02-11 02:07:06 +00:00
[Repo security scanner](https://github.com/UKHomeOffice/repo-security-scanner) is 'n opdraggelyngebaseerde gereedskap wat geskryf is met 'n enkele doel: om jou te help om GitHub-geheime te ontdek wat ontwikkelaars per ongeluk gemaak het deur sensitiewe data te stuur. En soos die ander, sal dit jou help om wagwoorde, private sleutels, gebruikersname, tokens en meer te vind.
2024-02-11 02:07:06 +00:00
[TruffleHog](https://github.com/dxa4481/truffleHog) deursoek GitHub-opgaarplekke en deursoek die toewydingsgeskiedenis en takke, op soek na per ongeluk geplaasde geheime
2024-02-11 02:07:06 +00:00
Hier kan jy 'n studie oor GitHub-dorks vind: [https://securitytrails.com/blog/github-dorks](https://securitytrails.com/blog/github-dorks)
2022-04-28 16:01:33 +00:00
<details>
2024-02-11 02:07:06 +00:00
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.
2022-04-28 16:01:33 +00:00
</details>