Detect Git config

By kannthu

Medium
Vidoc Module
#misconfiguration #git #exposure
Description

This module detects an exposed .git directory on a server. It searches for the pattern /.git/config and log file in the passed URLs. The .git directory is a hidden folder used by the Git version control system to store repository information and metadata.

Exposing the .git directory on a server can be a significant security risk, as it may contain sensitive information such as repository history, configuration files, and credentials. Attackers can use this information to gain insight into the development and deployment process, potentially leading to further attacks on the system.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.git/config
Matching conditions
word: [core] and
dsl: !contains(tolower(body), "<html"), !cont... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability
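
The matching conditions above, applied to constructed responses, show why the `<html` check is there: it rejects soft-404 pages that return status 200 and happen to contain `[core]`. This is an added example, not Vidoc's own code; the `Response` type and function names are hypothetical, and the second DSL condition is truncated on the page, so it is left out.

```python
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


def matches_git_config(resp: Response) -> bool:
    """Evaluate the three visible conditions; they are joined with 'and'."""
    word_ok = "[core]" in resp.body              # word: [core] (plain substring test)
    dsl_ok = "<html" not in resp.body.lower()    # dsl: !contains(tolower(body), "<html")
    status_ok = resp.status == 200               # status: 200
    return word_ok and dsl_ok and status_ok


# Constructed sample responses for GET /.git/config (not captured from a real host).
SAMPLES = {
    # A real Git config file served as-is: this is the exposure the module reports.
    "exposed": Response(
        200,
        "[core]\n\trepositoryformatversion = 0\n\tfilemode = true\n\tbare = false\n"
        '[remote "origin"]\n\turl = https://git.example.invalid/app.git\n',
    ),
    # Soft 404: status 200 and the word "[core]" echoed back, but inside an HTML page.
    "soft_404": Response(
        200,
        "<!DOCTYPE html><HTML><body>Not found: /.git/config [core]</body></HTML>",
    ),
    # Server configured to deny dot-directories: fails the status condition.
    "blocked": Response(403, "Forbidden"),
    # Plain-text 200 without a [core] section: fails the word condition.
    "other_text": Response(200, "User-agent: *\nDisallow: /admin\n"),
}


def classify(samples: dict) -> dict:
    """Return {sample name: True if the module would report it}."""
    return {name: matches_git_config(resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:11s} -> {'report' if hit else 'no match'}")
```
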