internetwache / gittools Goto Github PK
View Code? Open in Web Editor NEWA repository with 3 tools for pwn'ing websites with .git repositories available
License: MIT License
gittools's People
Contributors
Stargazers
Watchers
Forkers
rleh fryguy04 theappseclab coffeehb ghubgenius dtrip fengxuangit claor wimrademaker nikhil96sher vinothsparrow gagandeepsingh485 noobfromvn ankushgoel27 codemaxx 0xbadca7 itabrezshaikh kvasilov48 dusk001 c9n secretarmy entpnomad cechu66 sevkibekir air01a garikmmm global4g galahad-moye salto7 ning1022 bannsec sahakkhotsanyan scaurus n4yk danilabs aancw bryant1410 jokester waywardsun pragmaticed timhok hloeffler rumo666 superfish9 bipabo1l jacobmorzinski binacs omushpapa jeisc xa-bi cyri1s zurga team-firebugs sunshine0427 fossler jbarcia shantanu561993 izogain noraj atimorin ahen0910 junorouse ashr hax0rg1rl linll turtles4all nath13 grepsecurity hackerabhinavverma dstsmallbird iamr0b0t vinhjaxt matisact munsiwoo r3dfruitrollup inc775 happyu319 0x13337 alumag haliliceylan vladimir12 elyrly sahilyadav-here akamajoris gujjuboy10x00 jayyogesh indrarahul keystroke95 cndycc sgnls alt3red rickzal13 bravery9 c0dak scanfsec nothingcw alexlauerman unl1k3ly bmoar craignewkirkgittools's Issues
Add a requirements.txt
$ ./GitTools/Finder/gitfinder.py -h
Traceback (most recent call last):
File "./GitTools/Finder/gitfinder.py", line 3, in <module>
from urllib.request import urlopen
ImportError: No module named request
Proxy Suppport
Add to the tool proxy support.
Thanks,
slow
Rewrite argument parsing
As discussed in #8, the argument parsing should be rewritten, so that positional and non-positional arguments can be reliably parsed. See [0] for ideas.
[0] https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
socket.timeout: timed out
Any ideas to fix this one?
Scanning...
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 121, in worker
result = (True, func(*args, **kwds))
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 44, in mapstar
return list(map(*args))
File "gitfinder.py", line 25, in findgitrepo
with urlopen(''.join(['http://', domain, '/.git/HEAD']), timeout=5) as response:
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 543, in _open
'_open', req)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1345, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1320, in do_open
r = h.getresponse()
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1336, in getresponse
response.begin()
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 306, in begin
version, status, reason = self._read_status()
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 267, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/socket.py", line 589, in readinto
return self._sock.recv_into(b)
socket.timeout: timed out
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "gitfinder.py", line 90, in
main()
File "gitfinder.py", line 86, in main
pool.map(fun, domains)
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 268, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 657, in get
raise self._value
socket.timeout: timed out
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
Found commit: ee9061b25d8a35bae8380339f187b44dc26f4999
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
Found commit: 8ac4f76df2ce8db696d75f5f146f4047a315af22
usage: git cat-file (-t|-s|-e|-p|<type>|--textconv) <object>
or: git cat-file (--batch|--batch-check) < <list_of_objects>
<type> can be one of: blob, tree, commit, tag
-t show object type
-s show object size
-e exit with zero when there's no error
-p pretty-print object's content
--textconv for blob objects, run textconv on object's content
--batch[=<format>] show info and content of objects fed from the standard input
--batch-check[=<format>]
show info about objects fed from the standard input
it actually prints that hundreds of times, but I snipped it.
This happens when you use the Extractor script.
Cant run gitfinder.py because i got error
not works
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib/python3.6/urllib/request.py", line 1318, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib/python3.6/http/client.py", line 1254, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1300, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 946, in connect
(self.host,self.port), self.timeout, self.source_address)
File "/usr/lib/python3.6/socket.py", line 704, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -5] No address associated with hostname
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/multiprocessing/pool.py", line 119, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.6/multiprocessing/pool.py", line 44, in mapstar
return list(map(*args))
File "./gitfinder.py", line 25, in findgitrepo
with urlopen(''.join(['http://', domain, '/.git/HEAD']), timeout=5) as response:
File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.6/urllib/request.py", line 526, in open
response = self._open(req, data)
File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
'_open', req)
File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib/python3.6/urllib/request.py", line 1346, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "/usr/lib/python3.6/urllib/request.py", line 1320, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno -5] No address associated with hostname>
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "./gitfinder.py", line 84, in
main()
File "./gitfinder.py", line 80, in main
pool.map(fun, domains)
File "/usr/lib/python3.6/multiprocessing/pool.py", line 266, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.6/multiprocessing/pool.py", line 644, in get
raise self._value
urllib.error.URLError: <urlopen error [Errno -5] No address associated with hostname>
37487f6 Seems to break gitfinder.py
The latest commit seems to cause the Finder to not function correctly.
mrarm@ThinkPad:~/Documents/GitTools/Finder$ python3 ./gitfinder.py -i sites.txt
###########
# Finder is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
Scanning...
Finished
Dropping 37487f6 makes the finder function as expected.
Environment: Kubuntu 18.04, Python 3.6.8 (default, Jan 14 2019, 11:02:34)
[bug] Some urls cause the finder to fail
Some urls cause the finder to throw an exception which causes the script to fail, can we can an argument to silently throw the error, but keep running?
Traceback (most recent call last): File "./gitfinder.py", line 84, in <module> main() File "./gitfinder.py", line 80, in main pool.map(fun, domains) File "/usr/local/Cellar/python/3.7.5/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 268, in map return self._map_async(func, iterable, mapstar, chunksize).get() File "/usr/local/Cellar/python/3.7.5/Frameworks/Python.framework/Versions/3.7/lib/python3.7/multiprocessing/pool.py", line 657, in get raise self._value urllib.error.URLError: <urlopen error [Errno 8] nodename nor servname provided, or not known>
Assume version of grep
The current version of dumper expects a Linux version of grep, doesn't work with OS X's distribution.
Please add releases
Can you tag and create a git release for a relatively stable version? I'd love to update a package for chromebrew, as we're currently using a random commit.
Fix colors under mac
@WeberNick mentioned that \e does not work with the bash on mac. \033 apparently does.
[Finder] Name or service not known
i keep getting this error but how do i know which url causing this error ?
Scanning...
[*] Found: ***.tv
[*] Found: ***.com
[*] Found: ***.***.net
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib/python3.6/urllib/request.py", line 1318, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib/python3.6/http/client.py", line 1254, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1300, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 946, in connect
(self.host,self.port), self.timeout, self.source_address)
File "/usr/lib/python3.6/socket.py", line 704, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/multiprocessing/pool.py", line 119, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.6/multiprocessing/pool.py", line 44, in mapstar
return list(map(*args))
File "gitfinder.py", line 25, in findgitrepo
with urlopen(''.join(['http://', domain, '/.git/HEAD']), timeout=5) as response:
File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.6/urllib/request.py", line 526, in open
response = self._open(req, data)
File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
'_open', req)
File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib/python3.6/urllib/request.py", line 1346, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "/usr/lib/python3.6/urllib/request.py", line 1320, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno -2] Name or service not known>
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "gitfinder.py", line 84, in <module>
main()
File "gitfinder.py", line 80, in main
pool.map(fun, domains)
File "/usr/lib/python3.6/multiprocessing/pool.py", line 266, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.6/multiprocessing/pool.py", line 644, in get
raise self._value
urllib.error.URLError: <urlopen error [Errno -2] Name or service not known>Git
Error gitdumper.sh: line 25: declare: -n: invalid option
I am experiencing this issue while running bash gitdumper.sh (no param)
It worked well on my other Fedora machine but on my macOS at work, it throws that error.
More details:
macOS 10.12
sh used: zsh (changed to bash but the same occurred)
Full error information:
╰─ bash gitdumper.sh
###########
# GitDumper is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
gitdumper.sh: line 25: declare: -n: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
\e[33m[*] USAGE: http://target.tld/.git/ dest-dir [--git-dir=otherdir]\e[0m
--git-dir=otherdir Change the git folder name. Default: .git
Import Error
Any idea why when trying to run python gitfinder.py it would be throwing the following error?
File "gitfinder.py", line 3, in <module>
from urllib.request import urlopen
ImportError: No module named request
Finder
fatal: unexpected line in .git/packed-refs: </script>
how i can solve this problem sir ?
/.git/ missing in url
For example I found a git repository that is stored under /backup/ but I can't dump it because I get this error:
[-] /.git/ missing in url
This should not be a check.
idx and pack
i got this error when i tried to extract .git folder
fatal: Not a valid object name packpack-5c594159d6fa80636dcc4d7a1e8c3cadab9229e1.idx
fatal: Not a valid object name packpack-5c594159d6fa80636dcc4d7a1e8c3cadab9229e1.pack
how to resolve this
Problem with the finder
Scanning...
[*] Found: .com
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib/python3.5/multiprocessing/pool.py", line 119, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.5/multiprocessing/pool.py", line 44, in mapstar
return list(map(*args))
File "./Finder/gitfinder.py", line 26, in findgitrepo
answer = response.read(200).decode()
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte
"""
Dumper tool is broken :(
Thanks for creating this awesome tool that I have been using for a long time. However, I recently updated it and noticed the latest version of the dumper tool is broken.
When running: bash gitdumper.sh http://target.com/.git ~/temp/dump , I get the following output:
[-] // missing in url and the program exits.
gitfinder Error !
Please what the problem?
Laptop Macbook Pro
python3 gitfinder.py -i input.txt
###########
# Finder is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
Scanning...
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.4/Frameworks/Python.framework/Versions/3.9/lib/python3.9/multiprocessing/pool.py", line 125, in worker
result = (True, func(*args, **kwds))
File "/usr/local/Cellar/[email protected]/3.9.4/Frameworks/Python.framework/Versions/3.9/lib/python3.9/multiprocessing/pool.py", line 48, in mapstar
return list(map(*args))
File "/Users/gt/Desktop/Bugbounty-tools/GitTools/Finder/gitfinder.py", line 22, in findgitrepo
domain = ".".join(encodings.idna.ToASCII(label).decode("ascii") for label in domains.strip().split("."))
File "/Users/gt/Desktop/Bugbounty-tools/GitTools/Finder/gitfinder.py", line 22, in <genexpr>
domain = ".".join(encodings.idna.ToASCII(label).decode("ascii") for label in domains.strip().split("."))
File "/usr/local/Cellar/[email protected]/3.9.4/Frameworks/Python.framework/Versions/3.9/lib/python3.9/encodings/idna.py", line 73, in ToASCII
raise UnicodeError("label empty or too long")
UnicodeError: label empty or too long
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/Users/gt/Desktop/Bugbounty-tools/GitTools/Finder/gitfinder.py", line 95, in <module>
main()
File "/Users/gt/Desktop/Bugbounty-tools/GitTools/Finder/gitfinder.py", line 91, in main
pool.map(fun, domains)
File "/usr/local/Cellar/[email protected]/3.9.4/Frameworks/Python.framework/Versions/3.9/lib/python3.9/multiprocessing/pool.py", line 364, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/local/Cellar/[email protected]/3.9.4/Frameworks/Python.framework/Versions/3.9/lib/python3.9/multiprocessing/pool.py", line 771, in get
raise self._value
UnicodeError: label empty or too long
Thank you!
Check for redirects and file type in `gitdumper.sh`
I tried a random example and it turned out that requests for various files (i.e. .git/packed-refs, .git/refs/wip/index/refs/heads/master, .git/refs/stash .git/refs/wip/wtree/refs/heads/master, .git/refs/remotes/origin/HEAD, .git/info/refs .git/objects/info/packs, .git/logs/refs/remotes/origin/HEAD) were affected by a HTTP rule. They were redirected to an index HTML file.
So I guess two things should be considered here:
- Probably not to follow redirects
- Definitely check whether the result is HTML.
Otherwise it will look like this:
fatal: unexpected line in .git/packed-refs: </html>?
PS: Thank you for your work!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.