exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

HTTP Git Scanner

HTTP Git Scanner
Posted Sep 1, 2024
Authored by Jon Hart, Nixawk | Site metasploit.com

This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.

tags | exploit, web, vulnerability, info disclosure
SHA-256 | f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c

HTTP Git Scanner

Change Mirror Download
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report

def initialize
super(
'Name' => 'HTTP Git Scanner',
'Description' => %q(
This module can detect situations where there may be information
disclosure vulnerabilities that occur when a Git repository is made
available over HTTP.
),
'Author' => [
'Nixawk', # module developer
'Jon Hart <jon_hart[at]rapid7.com>' # improved metasploit module
],
'References' => [
['URL', 'https://github.com/git/git/blob/master/Documentation/technical/index-format.txt']
],
'License' => MSF_LICENSE
)

register_options(
[
OptString.new('TARGETURI', [true, 'The test path to .git directory', '/.git/']),
OptBool.new('GIT_INDEX', [true, 'Check index file in .git directory', true]),
OptBool.new('GIT_CONFIG', [true, 'Check config file in .git directory', true]),
OptString.new('UserAgent', [ true, 'The HTTP User-Agent sent in the request', 'git/1.7.9.5' ])
]
)
end

def req(filename)
send_request_cgi(
'uri' => normalize_uri(target_uri, filename)
)
end

def git_index_parse(resp)
return if resp.blank? || resp.length < 12 # A 12-byte header
signature = resp[0, 4]
return unless signature == 'DIRC'

version = resp[4, 4].unpack('N')[0].to_i
entries_count = resp[8, 4].unpack('N')[0].to_i

return unless version && entries_count
[version, entries_count]
end

def git_index
res = req('index')
index_uri = git_uri('index')
unless res
vprint_error("#{index_uri} - No response received")
return
end
vprint_status("#{index_uri} - HTTP/#{res.proto} #{res.code} #{res.message}")

return unless res.code == 200
version, count = git_index_parse(res.body)
return unless version && count
print_good("#{full_uri} - git repo (version #{version}) found with #{count} files")

report_note(
host: rhost,
port: rport,
proto: 'tcp',
type: 'git_index_disclosure',
data: { uri: index_uri, version: version, entries_count: count }
)
end

def git_config
res = req('config')
config_uri = git_uri('config')
unless res
vprint_error("#{config_uri} - No response received")
return
end
vprint_status("#{config_uri} - HTTP/#{res.proto} #{res.code} #{res.message}")

return unless res.code == 200 && res.body =~ /\[(?:branch|core|remote)\]/
print_good("#{config_uri} - git config file found")

report_note(
host: rhost,
port: rport,
proto: 'tcp',
type: 'git_config_disclosure',
data: { uri: config_uri }
)

path = store_loot('config', 'text/plain', rhost, res.body, config_uri)
print_good("Saved file to: #{path}")
end

def git_uri(path)
full_uri =~ %r{/$} ? "#{full_uri}#{path}" : "#{full_uri}/#{path}"
end

def run_host(_target_host)
vprint_status("#{full_uri} - scanning git disclosure")
git_index if datastore['GIT_INDEX']
git_config if datastore['GIT_CONFIG']
end
end
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close