Here's What I Found on Scanning 2.6 Million Domains for Exposed Git Directories
by sdcat4m
October 24th, 2022

Too Long; Didn't Read
A software developer scanned 2.6 million domains for exposed git directories and found more than 1000 public git repositories. These repositories contained harmless data like template files or static HTML pages. Some repositories revealed interesting things such as source code for web applications, database credentials, Office 365 admin logins, private keys or RCE (remote code execution) possibilities. Even if the web server does not provide a directory listing for the git folder, you can download the entire content of the repository. Never expose your hidden git folder to the public.
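
A deploy-time check that follows from the advice above, as an added example that is not part of the original article: it walks a web document root and reports any git metadata that the web server would serve. The function names, the marker list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Files git keeps at fixed, predictable paths inside a git directory.
# Their presence confirms that a ".git" folder is a real repository.
GIT_MARKERS = ("HEAD", "config", "index", "packed-refs")


def find_exposed_git(docroot):
    """Return findings for git metadata located under a web document root."""
    root = Path(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        if ".git" in dirnames:
            git_dir = here / ".git"
            present = [m for m in GIT_MARKERS if (git_dir / m).is_file()]
            url = "/" + git_dir.relative_to(root).as_posix() + "/"
            findings.append({"url_path": url, "kind": "repository", "markers": present})
            dirnames.remove(".git")  # do not descend into the repository itself
        if ".git" in filenames:
            # Submodules and worktrees use a .git *file* that points elsewhere.
            url = "/" + (here / ".git").relative_to(root).as_posix()
            findings.append({"url_path": url, "kind": "gitdir-pointer", "markers": []})
    return sorted(findings, key=lambda f: f["url_path"])


def build_sample_docroot(base):
    """Create a constructed sample tree: one repository, one submodule pointer."""
    root = Path(base) / "htdocs"
    (root / ".git" / "objects").mkdir(parents=True)
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / ".git" / "config").write_text("[core]\n\tbare = false\n")
    (root / "vendor" / "lib").mkdir(parents=True)
    (root / "vendor" / "lib" / ".git").write_text("gitdir: ../../.git/modules/lib\n")
    (root / "index.html").write_text("<h1>hello</h1>\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_exposed_git(build_sample_docroot(tmp)):
            print(finding)
```

Run against the directory that is about to be published and fail the deployment when the returned list is not empty.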