By kannthu
The "Git Config Disclosure" module is designed to detect misconfigurations in Git repositories. It targets the ".git/config" file, which contains important configuration settings for a Git repository. This module has a medium severity level and was authored by pdteam, pikpikcu, and Mah3Sec_.
If the ".git/config" file is exposed, it can potentially leak sensitive information such as repository URLs, credentials, and other configuration settings. This can lead to unauthorized access, data breaches, and other security risks.
The "Git Config Disclosure" module works by sending an HTTP GET request to the "/.git/config" path of the target URL. It then applies several matching conditions to determine if the Git configuration file is exposed:
- The response body must contain the "[core]" keyword.
- The response body must not contain the "

If all the matching conditions are met, the module reports a vulnerability, indicating that the Git configuration file is exposed.
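A defender-side triage of what an exposed file discloses, as an added example that is not part of the original page or the module's own code: it takes a body served at `/.git/config` on a host you operate, confirms it is real git-config syntax with a `[core]` section, and flags credentials embedded in remote URLs. The function names, the syntax check used to reject error pages, and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SECTION = re.compile(r'^\[([A-Za-z0-9.-]+)(?:\s+"([^"]*)")?\]$')
KEY = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$')

def parse_git_config(body):
    """Parse the common subset of git-config syntax; None if the body is not one."""
    sections, current = {}, None
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        sec, kv = SECTION.match(line), KEY.match(line)
        if sec:
            sub = sec.group(2)
            name = sec.group(1).lower() + (f' "{sub}"' if sub is not None else "")
            current = sections.setdefault(name, {})
        elif kv and current is not None:
            # A key with no "=" is a boolean true in git-config.
            current[kv.group(1).lower()] = "true" if kv.group(2) is None else kv.group(2)
        else:
            return None  # stray text, e.g. an HTML error page that mentions "[core]"
    return sections

def triage(body):
    """Summarise what a body served at /.git/config discloses, secrets redacted."""
    cfg = parse_git_config(body)
    report = {"exposed": False, "remotes": [], "embedded_credentials": False}
    if not cfg or "core" not in cfg:
        return report
    report["exposed"] = True
    for name, opts in cfg.items():
        url = opts.get("url")
        if not (name.startswith("remote ") and url):
            continue
        parts = urlsplit(url)
        # Userinfo in an http(s) remote is a password or token, not just a login name.
        if parts.scheme in ("http", "https") and "@" in parts.netloc:
            report["embedded_credentials"] = True
            host = parts.netloc.rpartition("@")[2]
            url = parts._replace(netloc="REDACTED@" + host).geturl()
        report["remotes"].append(url)
    return report

# Constructed sample bodies (not captured from any real host).
EXPOSED = ('[core]\n\trepositoryformatversion = 0\n\tbare = false\n'
           '[remote "origin"]\n\turl = https://ci-bot:EXAMPLE-TOKEN@git.example.com/acme/app.git\n'
           '[remote "mirror"]\n\turl = git@git.example.com:acme/app.git\n')
SOFT_404 = '<html><body>Not found: /.git/config ([core] settings are private)</body></html>'
```

When `embedded_credentials` is true, the credential in that remote URL should be rotated in addition to blocking access to the `.git` directory.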