Find misconfigured, web accessible .git directories on websites you browse.
Get Git scans websites for web accessible .git directories, which can expose all manner of data including: * past and present source code * internal network structure (remote origins) * sensitive API keys and credentials * and more! Quick info is available by clicking on the wrench for an entry, including the config file, .gitignore, the repo description, etc. Now offers unobtrusive CSS notifications! This project is open source and MIT licensed; contribute at https://github.com/jkingsman/get-git.
- (2016-06-15) DEPRECATED. The developer himself suggests using "Bishop Vulnerability Scanner" as a better alternative. You can verify this on Get-Git's GitHub repo
- (2015-09-02) Nick Coad: Constantly re-enabled itself after disabling.
- (2015-02-11) Samuel Melrose: Great fun to play with, interesting how many unexpected sites are vulnerable.
- (2015-02-05) Mary Baronitis: Works well - so many fun git repos to clone and poke around :)
- (2015-02-04) Mike Janson: It works well. The alert box is a little annoying but can be disabled.