LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories

2 years ago 134
BOOK THIS SPACE FOR AD
ARTICLE AD

This repo contains shell scripts that can be used to download and analyze differences between cloned and mirror Git repositories. For more information about the underlying quirk in Git behavior, please visit read our blog post.

What Do These Scripts Do?

These scripts will clone a copy of the given Git repository, both as regular clone and mirrored ("--mirror") option. It will then create a delta between the two, seeking to find the parts of the repository that are only available in mirror mode. Last, gitleaks will be run to see if any secrets are present in the delta portion, and "git log" will be used to create a single file containing the bodies of the commits so they can be analyzed easier.

Please note that since this script creates three copies of the repository, it may consume a lot of disk space.

Example repositories

You can test these tools on the following two example repositories:

gb_testrepo_delete - repository hiding secrets via deleted commits gb_testrepo_reset - repository hiding secrets via "git reset"

Requirements

You will need Git, Python 3. GitLeaks and git-filter-repo to be installed. Here is an example of installing these on MacOS:

brew install git python3 gitleaks git-filter-repo

How to Install and Run

You can run this againt a repository as follows:

git clone https://github.com/nightwatchcybersecurity/gitbleed_tools.git
cd gitbleed_tools
./gitbleed.sh https://github.com/nightwatchcybersecurity/gitbleed_tools.git example

There are also some helper scripts that can be used to scan GitHub and GitLab repositories as follows:

./gitbleed_gh.sh nightwatchcybersecurity/gitbleed_tools
./gitbleed_gl.sh nwcs/junit_ui_bug

This will create an example folder containing three subfolders:

clone - contains the cloned repository delta - contains the mirrrored repository minus all of the commits in the "clone" mirror - contains the mirrored repository cloned with the "--mirror" option

There are also three files created:

clone_hashes.done.txt - list of hashes in the cloned repository gitleaks.json - results from running gitleaks gitlog.txt - all commits from the delta folder concatenated into a single file

Reporting bugs and feature requests

Please use the GitHub issue tracker to report issues or suggest features: https://github.com/nightwatchcybersecurity/gitbleed_tools

You can also send emai to research /at/ nightwatchcybersecurity [dot] com

Wishlist

TBD

Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories Reviewed by Zion3R on 8:30 AM Rating: 5

Read Entire Article
  3. Gitbleed_Tools - For Extracting Data From Mirrorred Git Repositories

Related

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Psobf - PowerShell Obfuscator

Psobf - PowerShell Obfuscator

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

VulnNodeApp - A Vulnerable Node.Js Application

VulnNodeApp - A Vulnerable Node.Js Application

Trending

1. Steve Smith
2. West Indies vs Bangladesh
3. OTET Result 2024
4. Nitish kumar reddy
5. Nithin Kamath
6. Pam Bondi
7. Harshit Rana
8. Zebra movie
9. Mukesh Ambani
10. C2C Advanced Systems IPO GMP

Popular

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved