Basic Usages
ssh-add [sshkey] # load the private key into the running ssh-agent
ssh -T git@github.com
# Fetch project files
git pull
git clone https://github.project.zip
# Change project
git remote -v
git remote set-url origin <NEW_GIT_URL_HERE>
# Commit changes and push
git add . # or [filename]
git status
git commit -m "Log message"
git push [branch main]
Git Internals & Local Inspection
# View commit history
git log
# Show details of a specific object/commit
git show [object-hash]
# Inspect raw object storage
ls .git/objects/
ls .git/objects/** # e.g. 0a/082f2656a655c8b0a87956c7bcdc93dfda23f8
# Read Git object metadata or contents
git cat-file -t OBJECT-HASH # Show type (commit/blob/tree)
git cat-file -p OBJECT-HASH # Pretty print the object
# View HEAD and config
cat .git/HEAD
cat .git/config # remote URLs here can carry embedded credentials (https://user:token@host/...)
Commit History & Artifact Recovery
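# Search for keywords in commits (covers only history reachable from HEAD; use `git log --all -p` to include every ref)
git log -p | grep -i password
# A secret found in any commit stays retrievable after it is removed from HEAD, so it has to be rotated
# Search for sensitive terms in tracked files (git grep reads the current checkout, not history, unless revisions are passed to it)
git grep -i 'apikey'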
# List all deleted files (may be recoverable)
git log --diff-filter=D --summary
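# Recover specific file from old commit (when COMMIT_HASH is the commit that deleted the file, ^ selects its parent, which still contains it)
git checkout COMMIT_HASH^ -- path/to/file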
# See file rename history
git log --follow path/to/file
- Check for sensitive files that may be ignored but still present locally
# List ignored files
git ls-files --others -i --exclude-standard
# Manually inspect .gitignore
cat .gitignore
Remote Exposure & GitHub Recon
filename:.env
filename:id_rsa
filename:.htpasswd
filename:.npmrc _auth
filename:.dockercfg auth
extension:json api_key
extension:env DB_PASSWORD
Use tools like:
- https://github.com/obheda12/GitDorker
- https://github.com/nahamsec/Resources/blob/master/Recon/Dorking.md
Automation & Exploitation Tools
git-dumper
https://github.com/arthaud/git-dumper
# Install
pip install git-dumper
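# Dump repo from exposed .git directory
# (the underlying misconfiguration is a web server that serves /.git/; denying access to that path, or not deploying .git at all, closes it)
git-dumper http://target.com/.git ~/dump_here
TruffleHog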
https://github.com/trufflesecurity/trufflehog
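# Install
# NOTE: the `trufflehog git ...` syntax below is the Go-based v3 CLI; the package on PyPI appears to be the legacy Python v2 line, so confirm the install method against the project README
pip install trufflehog
# Scan repo for secrets
trufflehog git https://github.com/user/repo
GitTools (internetwache)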
https://github.com/internetwache/GitTools
GitTools/Dumper – Dump incomplete .git repos
GitTools/Extractor – Extract commit contents
GitTools/History – Recover deleted files
# Dump a target .git
./Dumper/gitdumper.sh http://target.com/.git/ ./out
# Extract and rebuild repo
./Extractor/extractor.sh ./out ./reconstructed