git-dumper is a tool designed to extract and reconstruct a git repository from a publicly accessible website.
A tool to dump a git repository from a website
This tool is primarily used by penetration testers and red teamers to retrieve git repositories exposed on websites, which can reveal sensitive source code and configuration details. It automates the process of downloading and reconstructing the repository even when directory listing is disabled, aiding in security assessments and vulnerability research.
Users should be cautious as downloading repositories controlled by attackers may lead to remote code execution. It is recommended to run this tool in a secure, isolated environment. The tool requires the target website to expose the .git directory or files, which is a common misconfiguration but not always present.
Run `pip install git-dumper` to install via pip
Alternatively, clone the repository and install dependencies with `pip install -r requirements.txt`
Run the tool directly using `./git_dumper.py` after installing dependenciesgit-dumper http://website.com/.git ~/website
Dumps the git repository from the specified website URL into the local directory '~/website'
git-dumper --proxy http://127.0.0.1:8080 http://website.com/.git ~/website
Uses the specified proxy for all HTTP requests during the dump
git-dumper -j 10 http://website.com/.git ~/website
Sets the number of simultaneous requests to 10 to speed up the dumping process
git-dumper --user-agent 'CustomAgent' http://website.com/.git ~/website
Uses a custom user-agent string for HTTP requests
./git_dumper.py http://website.com/.git ~/website
Runs the tool from source to dump the git repository