GitTrash: Digging Deep into Git Repositories for Hidden Treasures


Sheryx00

Do you really know what is in your repository?

You’ve probably heard of dumpster diving: the old practice of rummaging through trash bins to find sensitive information. It’s a classic trope in movies — an agent digging for a discarded Post-it or document with passwords, phone numbers, or other secrets. While it may seem outdated, the concept has a surprising relevance in offensive security. In the world of Git, “trash” can often hold treasures. Security professionals often scan repositories using great tools like trufflehog or gitleaks to uncover leaked credentials or sensitive information. However, these tools sometimes have blind spots that can miss valuable data. Let me explain:

Squashed or Deleted Branches: Imagine a developer accidentally pushes a file with credentials to a parallel branch, then removes the file before merging. If the branch is squashed during the merge, or deleted without ever being merged, the commits that carried the file are no longer reachable from any branch. Scanners that walk git log only see reachable history, so the leaked credentials stay hidden in the repository's object store.

Non-Text Files: Sometimes sensitive information is embedded in non-text formats, such as an exported flowchart image with credentials drawn into it. Text-based scanners skip such files entirely.

Pull Requests: Pull requests are reviewed by team members, but the review view summarizes the net change between the two branches. A sensitive file that was added in one commit and removed in a later commit of the same pull request never appears in that summary, even though both commits were pushed.

There are plenty more scenarios like these. Over the years, I’ve come across bizarre cases where sensitive data was pushed to a repository, and no one realized it until much later.

That’s why I created GitTrash. Its mission is simple: restore all deleted files from a Git repository. Sure, it might bring back a lot of garbage (pun intended), but with patience — or some help from tools like gf — you could uncover something really important.

GitTrash is straightforward to use. Here’s the help menu for reference:

gittrash.py [-h] -r REPOSITORY [-f FILE] [-o OUTPUT] [-a] [-v]

Search for files in a Git repository and copy them to an output folder.

options:
  -h, --help            show this help message and exit
  -r REPOSITORY, --repository REPOSITORY
                        Path to the Git repository
  -f FILE, --file FILE  File containing patterns to search for (default: .gitignore in the repository folder)
  -o OUTPUT, --output OUTPUT
                        Output folder to copy matched files to (default: extracted)
  -a, --all             Restore all deleted files. Ignore --file

Developers often list the files they never meant to commit in .gitignore, such as .env files or local configuration. Those patterns are a great clue for tracking down sensitive data, which is why GitTrash uses the repository's .gitignore as its default pattern file. (If that file does not exist, just create an empty one.) For a more extensive search, use the --all flag to restore every deleted file regardless of pattern.

Restored files can be code, images, text, or any other type. It's up to you to inspect them for sensitive information. I hope this tool makes your work easier, or earns you a nice bounty! If it does, let me know! Feel free to connect with me on X: @sheryx00. 😊