
Git Config Disclosure

By kannthu

Severity: Medium
Vidoc Module
#config #git #exposure
Description

What is "Git Config Disclosure?"

The "Git Config Disclosure" module detects a Git metadata directory that has been published along with a web application. It targets the ".git/config" file, which holds the repository's configuration, including its remote URLs and branch settings. This module has a medium severity level and was authored by pdteam, pikpikcu, and Mah3Sec_.

Impact

If the ".git/config" file is exposed, it can leak sensitive information: remote repository URLs, credentials embedded in those URLs, and other configuration settings. In practice an exposed config also means the rest of the ".git" directory is usually reachable, so the source code and its history can often be recovered as well. This can lead to unauthorized access, data breaches, and other security risks.

How does the module work?

The "Git Config Disclosure" module works by sending an HTTP GET request to the "/.git/config" path of the target URL. It then applies several matching conditions to determine if the Git configuration file is exposed:

- The response body must contain the "[core]" keyword.
- The response body, compared case-insensitively, must not contain "<html". This filters out catch-all pages that answer every path with status 200, which would otherwise produce false positives. The same DSL condition carries further negative checks that the preview truncates.
- The HTTP status must be 200.

If all the matching conditions are met, the module reports a vulnerability, indicating that the Git configuration file is exposed.
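The following script is an added example, not part of the Vidoc module or the page's own code. It reproduces the matcher logic described above (status 200, "[core]" present, no "<html" in the lower-cased body) as a pure function, runs it over three constructed responses, and adds a small follow-up the module itself does not do: pulling remote URLs out of the config and flagging any that embed credentials. The host names, the deploy credential, and the helper names are made up for illustration; only the fetch helper touches the network.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

GIT_CONFIG_PATH = "/.git/config"


def is_exposed_git_config(status: int, body: str) -> bool:
    """Mirror the module's matchers, which are AND-ed together:
    status 200, the literal "[core]" in the body, and no "<html"
    anywhere in the lower-cased body (a catch-all web page is not a
    git config, even if it happens to mention [core])."""
    lowered = body.lower()
    return status == 200 and "[core]" in body and "<html" not in lowered


# A git config "url = ..." line inside a [remote "..."] section.
_REMOTE_URL_RE = re.compile(r"^\s*url\s*=\s*(\S+)", re.MULTILINE)


def remote_urls_with_credentials(body: str) -> list[str]:
    """Return remote URLs that carry userinfo (user or password).
    scp-style remotes such as git@host:org/repo.git have no netloc for
    urlsplit, so they are never reported here."""
    found = []
    for match in _REMOTE_URL_RE.finditer(body):
        url = match.group(1)
        parts = urlsplit(url)
        if parts.username or parts.password:
            found.append(url)
    return found


def fetch_git_config(base_url: str, timeout: float = 10.0) -> tuple[int, str]:
    """Send the single GET the module sends and return (status, body).
    Non-2xx responses are returned rather than raised so the caller can
    feed them straight into is_exposed_git_config()."""
    req = Request(base_url.rstrip("/") + GIT_CONFIG_PATH,
                  headers={"User-Agent": "git-config-check/0.1"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def assess(status: int, body: str) -> dict:
    """Combine the matcher verdict with the credential follow-up."""
    exposed = is_exposed_git_config(status, body)
    return {
        "exposed": exposed,
        "credentialed_remotes": remote_urls_with_credentials(body) if exposed else [],
    }


# Constructed sample responses (not captured from any real host).
SAMPLE_EXPOSED = """[core]
\trepositoryformatversion = 0
\tfilemode = true
\tbare = false
[remote "origin"]
\turl = https://deploy:s3cret@git.example.com/org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@git.example.com:org/app.git
"""

# A single-page app that answers every path with 200 and, in this
# constructed case, even echoes "[core]" in its help text.
SAMPLE_SPA = """<!DOCTYPE html>
<html><head><title>App</title></head>
<body><p>Config sections: [core], [remote]</p></body></html>
"""

SAMPLE_404 = "Not found"


if __name__ == "__main__":
    for name, status, body in (("exposed", 200, SAMPLE_EXPOSED),
                               ("spa", 200, SAMPLE_SPA),
                               ("404", 404, SAMPLE_404)):
        print(name, assess(status, body))
```

To run it against a live target, call `assess(*fetch_git_config("https://target.example"))`; the three constructed samples show why each matcher exists: the catch-all page is rejected by the "<html" check even though it contains "[core]", and the 404 is rejected by the status check.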

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.git/config
Matching conditions
word: [core] and
dsl: !contains(toLower(body), `<html`), !cont... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability