Git Metadata Directory Exposure

By kannthu

Medium
Vidoc Module
#logs #git #exposure
Description

What is "Git Metadata Directory Exposure"?

The "Git Metadata Directory Exposure" module is designed to detect a misconfiguration in the Git software that exposes the metadata directory. This module has a medium severity level and was authored by tess.

Impact

If the Git metadata directory is exposed, it can potentially leak sensitive information about the repository, including commit history, branch names, and file paths. This information can be valuable to attackers as it provides insights into the structure and contents of the repository.

How does the module work?

The module sends an HTTP GET request to the "/.git/" path and checks for specific matching conditions. It verifies if the response body contains the words "403 Forbidden" and "You do not have permission to access /.git/". Additionally, it checks if the response status code is 403. If both conditions are met, the module reports a vulnerability.

Here is an example of the HTTP request sent by the module:

GET /.git/ HTTP/1.1
Host: [target host]

The module's matching conditions ensure that the Git metadata directory is properly protected and inaccessible to unauthorized users. If the conditions are not met, it indicates a potential misconfiguration that should be addressed to prevent exposure of sensitive repository information.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.git/
Matching conditions
word: 403 Forbidden, You do not have permissio... and
status: 403
Passive global matcher
No matching conditions.
On match action
Report vulnerability
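
The matching conditions in the template above, re-implemented as an added example (not Vidoc's own code) so they can be evaluated offline against responses from a server you operate. The helper names and every sample response are constructed for illustration; the samples also show that a 403 page with different wording does not satisfy the word matcher.

```python
# Added example: offline re-implementation of the module's matcher.
# All responses below are constructed samples, not captured traffic.

WORDS = ("403 Forbidden", "You do not have permission to access /.git/")
STATUS = 403


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body


def matches(raw: str) -> bool:
    """True when the status is 403 AND every word is present in the body."""
    status, body = parse_response(raw)
    return status == STATUS and all(w in body for w in WORDS)


def response(status: int, reason: str, body: str) -> str:
    """Build a constructed sample response (hypothetical helper)."""
    return (f"HTTP/1.1 {status} {reason}\r\n"
            f"Content-Type: text/html\r\nContent-Length: {len(body)}\r\n\r\n{body}")


SAMPLES = {
    "forbidden_exact": response(403, "Forbidden",
        "<h1>403 Forbidden</h1><p>You do not have permission to access /.git/</p>"),
    "forbidden_other_wording": response(403, "Forbidden",
        "<h1>403 Forbidden</h1><p>Access denied.</p>"),
    "not_found": response(404, "Not Found", "<h1>404 Not Found</h1>"),
    "words_but_200": response(200, "OK",
        "403 Forbidden: You do not have permission to access /.git/"),
}


def evaluate_samples():
    """Apply the matcher to every constructed sample."""
    return {name: matches(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:26} -> {'report' if hit else 'no match'}")
```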