GitHub Writeup
$ cat .git/logs/HEAD
$ git checkout .
$ git fsck --full
$ git reflog
git cherry-pick 759be94
cat index.php
--
git log
Result:
395e087334d613d5e423cdf8f7be27196a360459
then read the contents of that file with
git show 395e087334d613d5e423cdf8f7be27196a360459
git diff 395e087334d613d5e423cdf8f7be27196a360459
Dumper and Extractor
https://github.com/internetwache/GitTools
$ ./gitdumper.sh -h
[*] USAGE:
http://target.tld/.git/ dest-dir [--git-dir=otherdir]
./extractor.sh /tmp/mygitrepo /tmp/mygitrepodump
----------------------------------
File/Folder:
1. .git/config
Impact — Git repo leak, commit history
2. .env
Impact — AWS creds, DB passwords, JWT secrets
3. debug.log
Impact — Internal error stack traces
4. composer.lock
Impact — Package info → CVEs or RCE
5. .DS_Store
Impact — Directory structure leak
6. backup.sql, db.bak
Impact — Full database dump leak
7. *.swp, *~, index.old
Impact — Editor backups → source leak
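For whoever operates the site, the same list works as a pre-deployment check. The script below is an added example, not part of the original notes: it walks a local directory that is about to be served and reports every file matching the patterns above. The function name audit_webroot, the category labels and the sample tree are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit a directory you are about to serve for the file types
# listed above. Function name and category labels are assumptions.

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -prune stops find descending into .git, so the repo is reported once.
    find "$root" \( -name .git -prune -print \) -o \
        \( -type f \( -name .env -o -name '*.log' -o -name composer.lock \
            -o -name .DS_Store -o -name '*.sql' -o -name '*.bak' \
            -o -name '*.swp' -o -name '*~' -o -name '*.old' \) -print \) |
    while IFS= read -r path; do
        # Classify on the file name only, using the categories from the list.
        case "${path##*/}" in
            .git)          label=git-repo ;;
            .env)          label=secrets ;;
            *.log)         label=debug-log ;;
            composer.lock) label=package-versions ;;
            .DS_Store)     label=directory-structure ;;
            *.sql|*.bak)   label=backup-dump ;;
            *)             label=editor-backup ;;
        esac
        printf '%s\t%s\n' "$label" "$path"
    done
}

# Constructed sample tree (not from the page) so the script runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/.git/objects" "$demo/app"
touch "$demo/.git/config" "$demo/.env" "$demo/app/index.php" "$demo/app/index.php~"
audit_webroot "$demo"
rm -rf "$demo"
```

Any line of output means the directory should not be published as it stands; remove the file or exclude it in the build step that produces the web root.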
How to Hunt
1. Use Gau/Waybackurls
Grab all historical and live URLs:
gau target.com | grep -iE "\.git|\.env|\.log|\.sql"
2. Directory Bruteforce
Use dirsearch or ffuf with a dev-focused wordlist:
ffuf -u https://target.com/FUZZ -w dev_files.txt -t 100
Sample entries in dev_files.txt:
.git/
.env
debug.log
backup/
admin.bak
database.sql
composer.lock
3. Git Digger
Found a .git/ directory? Use:
git-dumper https://target.com/.git/ /tmp/output
cd /tmp/output && cat config && git log
cat targets.txt | waybackurls | grep -Ei "\.(env|sql|log|bak)$"