[Python/Network Security] Detailed analysis of basic installation and use of Githack tool for Git vulnerabilities
Preface
Git is a very popular open source distributed version control system, which is widely used for collaborative development and code management. Many websites and applications use Git as their code management system and deploy it to production environments to maintain their code bases.
However, improper configuration may cause.git the folder to be deployed directly to the online environment, which may lead to Git leakage problems.
Accessgithack下载泄露的Git存储库 to obtain the site's codebase containing unencrypted passwords, credentials, and sensitive information.
installation steps
1. Download the source code of githack from GitHub https://github.com/lijiejie/GitHack
2. Unzip it to the Tools directory of Python3
3. Switch to the directory of the githack source code in the command line window
Execute the following command to install the third-party libraries required by githack:
pip install -r requirements.txt
If the cmd window echoes as follows:
ERROR: Could not open requirements file: [Errno 2] No such file or directory: 'requirements.txt'
WARNING: You are using pip version 21.2.4; however, version 23.1.2 is available.
You should consider upgrading via the 'C:\Python3\python.exe -m pip install --upgrade pip' command.
indicates that the file named requirements.txt cannot be found in the githack source code directory. You can manually install the third-party libraries required by githack. All dependencies required for githack are listed here:
- GitPython==2.1.11
- pathlib==1.0.1
Follow these steps to use pip to download dependencies:
1. Open a command line window and switch to the directory where the githack source code is located.
2. Run the following commands in sequence:
pip install GitPython==2.1.11
pip install pathlib==1.0.1
3. Confirm that all dependencies have been successfully installed.
4. Open cmd in the githack directory:
Enter the following command to use githack
python githack.py http://example.com/.git/
Where replacehttp://example.com/.git/ with the URL of the actual target Git repository.
For example: python githack.py http://2023.5.29.qiu/.git/
The demonstration is as follows:
5.githack will automatically download and extract the complete history and configuration information of the Git repository, and save it in the .git directory in the current directory. You can enter the directory to view it.
Practical use of tools
Summarize
This article is only sharedGithack工具基本安装及使用相关知识, I amQiu Shuo, see you next time.