hacktricks/src/network-services-pentesting/pentesting-web/git.md

# Git

{{#include ../../banners/hacktricks-training.md}}

**Ili kudondosha folda ya .git kutoka URL tumia** [**https://github.com/arthaud/git-dumper**](https://github.com/arthaud/git-dumper)

**Tumia** [**https://www.gitkraken.com/**](https://www.gitkraken.com/) **kuangalia maudhui**

Ikiwa folda ya _.git_ imepatikana katika programu ya wavuti unaweza kupakua maudhui yote kwa kutumia _wget -r http://web.com/.git._ Kisha, unaweza kuona mabadiliko yaliyofanywa kwa kutumia _git diff_.

Vifaa: [Git-Money](https://github.com/dnoiz1/git-money), [DVCS-Pillage](https://github.com/evilpacket/DVCS-Pillage) na [GitTools](https://github.com/internetwache/GitTools) vinaweza kutumika kupata maudhui ya folda ya git.

Kifaa [https://github.com/cve-search/git-vuln-finder](https://github.com/cve-search/git-vuln-finder) kinaweza kutumika kutafuta CVEs na ujumbe wa udhaifu wa usalama ndani ya ujumbe wa commits.

Kifaa [https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob) kinatafuta data nyeti katika hazina za mashirika na wafanyakazi wake.

[Repo security scanner](https://github.com/UKHomeOffice/repo-security-scanner) ni kifaa kinachotumia mistari ya amri ambacho kimeandikwa kwa lengo moja: kukusaidia kugundua siri za GitHub ambazo waendelezaji kwa bahati mbaya walifanya kwa kusukuma data nyeti. Na kama wengine, itakusaidia kupata nywila, funguo za faragha, majina ya watumiaji, tokeni na zaidi.

[TruffleHog](https://github.com/dxa4481/truffleHog) inatafuta kupitia hazina za GitHub na kuchimba kupitia historia ya commits na matawi, ikitafuta siri zilizokubaliwa kwa bahati mbaya.

Hapa unaweza kupata utafiti kuhusu github dorks: [https://securitytrails.com/blog/github-dorks](https://securitytrails.com/blog/github-dorks)

{{#include ../../banners/hacktricks-training.md}}