By kannthu
The "Git Credentials Disclosure" module is designed to detect the exposure of Git credentials. It targets software that utilizes Git for version control. This module has a medium severity level and was authored by dhiyaneshDk.
Exposed Git credentials can lead to unauthorized access to sensitive information, such as usernames and passwords, which in turn can result in data breaches, unauthorized code modifications, and other security risks.
The "Git Credentials Disclosure" module works by sending HTTP requests to specific paths, such as "/.git-credentials". It then applies matching conditions to determine if Git credentials are exposed. The matching conditions include:
- Checking if the response contains specific words, such as "https://" and "@github.com".
- Verifying that the response status is 200 (OK).
- Ensuring that the response header does not contain the word "text/html".

If all the matching conditions are met, the module reports a vulnerability.
Example HTTP request:
GET /.git-credentials
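The three matching conditions above, applied to an already captured response, as an added example that is not the module's own code. The function names, the AND logic across both words, and the sample responses are assumptions constructed for illustration; `redact` masks the secret so a finding can be reported without copying the credential.

```python
"""Offline evaluation of the matching conditions for /.git-credentials."""

REQUIRED_WORDS = ("https://", "@github.com")  # the words named on the page


def is_git_credentials_exposed(status, headers, body):
    """Return True only when all three conditions hold (assumed AND logic)."""
    # Condition 1: every required word appears in the response body.
    words_ok = all(word in body for word in REQUIRED_WORDS)
    # Condition 2: the status is exactly 200 (OK).
    status_ok = status == 200
    # Condition 3: no response header mentions text/html. This filters out
    # HTML error pages and "soft 404" pages that still answer with 200.
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    not_html = "text/html" not in header_text
    return words_ok and status_ok and not_html


def redact(body):
    """Mask the secret in each scheme://user:secret@host line for reporting."""
    out = []
    for line in body.splitlines():
        scheme, sep, rest = line.partition("://")
        userinfo, at, host = rest.rpartition("@")
        user, colon, _secret = userinfo.partition(":")
        if sep and at and colon:
            line = f"{scheme}://{user}:***@{host}"
        out.append(line)
    return "\n".join(out)


# Constructed sample responses: (status, headers, body)
EXPOSED = (200, {"Content-Type": "text/plain"},
           "https://alice:example-token@github.com\n")
SOFT_404 = (200, {"Content-Type": "text/html; charset=utf-8"},
            "<html>Not found. Source: https://example.invalid/x@github.com</html>")
NOT_FOUND = (404, {"Content-Type": "text/plain"}, "404 page not found")

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("soft 404", SOFT_404),
                       ("not found", NOT_FOUND)):
        print(name, "->", is_git_credentials_exposed(*resp))
    print(redact(EXPOSED[2]))
```

The soft-404 sample contains both words and returns 200, so only the header condition keeps it from being reported as a false positive.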
Please note that this module is part of the Vidoc platform and is used for scanning purposes to detect potential security risks.