By kannthu
The "Git Metadata Directory Exposure" module is designed to detect a misconfiguration in the Git software that exposes the metadata directory. This module has a medium severity level and was authored by tess.
If the Git metadata directory is exposed, it can potentially leak sensitive information about the repository, including commit history, branch names, and file paths. This information can be valuable to attackers as it provides insights into the structure and contents of the repository.
The module sends an HTTP GET request to the "/.git/" path and evaluates two matching conditions. It checks whether the response body contains both "403 Forbidden" and "You do not have permission to access /.git/", and whether the response status code is 403. If both conditions are met, the module reports a vulnerability.
Here is an example of the HTTP request sent by the module:
GET /.git/ HTTP/1.1
Host: [target host]
The module's matching conditions ensure that the Git metadata directory is properly protected and inaccessible to unauthorized users. If the conditions are not met, it indicates a potential misconfiguration that should be addressed to prevent exposure of sensitive repository information.
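The match rule stated above (status code 403 plus both body phrases), evaluated offline against captured responses. This is an added example, not Vidoc's or the module's own code; the `Response` type, the function names and the sample responses are assumptions constructed for illustration.

```python
"""Offline evaluation of the module's match rule against captured responses."""
from dataclasses import dataclass

# Phrases and status code taken from the module description above.
REQUIRED_WORDS = ("403 Forbidden", "You do not have permission to access /.git/")
REQUIRED_STATUS = 403


@dataclass
class Response:
    status: int
    body: str


def parse_response(raw: bytes) -> Response:
    """Split a raw HTTP/1.x response into status code and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return Response(int(parts[1]), body.decode("utf-8", "replace"))


def module_matches(resp: Response) -> bool:
    """True only if the status is 403 AND every required phrase is in the body."""
    return resp.status == REQUIRED_STATUS and all(w in resp.body for w in REQUIRED_WORDS)


def triage(captures: dict[str, bytes]) -> dict[str, bool]:
    """Map each host label to whether its /.git/ response satisfies the rule."""
    return {host: module_matches(parse_response(raw)) for host, raw in captures.items()}


# Constructed sample responses to GET /.git/ (hypothetical hosts, not real captures).
SAMPLES = {
    "a.example": b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
                 b"<h1>403 Forbidden</h1><p>You do not have permission to access /.git/ on this server.</p>",
    "b.example": b"HTTP/1.1 403 Forbidden\r\n\r\n<h1>403 Forbidden</h1><p>Access denied.</p>",
    "c.example": b"HTTP/1.1 404 Not Found\r\n\r\n<h1>404 Not Found</h1>",
    "d.example": b"HTTP/1.1 200 OK\r\n\r\n403 Forbidden You do not have permission to access /.git/",
}

if __name__ == "__main__":
    for host, hit in triage(SAMPLES).items():
        print(f"{host}: {'match' if hit else 'no match'}")
```

Only the first sample satisfies the rule: a 403 page with different wording, or the same phrases under another status code, does not match.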