adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/auxiliary/scanner/http/git_scanner.md
T
h00die ae8b01904a docs for git_scanner
2019-10-07 20:38:24 -04:00

68 lines
2.2 KiB
Markdown
Raw Blame History

## Vulnerable Application
This module looks for a `.git` folder on a web server, and attempts to read the `config` and `index` files to gather information about the repo.
### Environment
On Kali, we can clone metasploit into the apache folder to create a vulnerable environment.
```
root@kali:~# cd /var/www/html/
root@kali:/var/www/html# git clone https://github.com/rapid7/metasploit-framework.git
Cloning into 'metasploit-framework'...
remote: Enumerating objects: 49, done.
remote: Counting objects: 100% (49/49), done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 509870 (delta 18), reused 20 (delta 8), pack-reused 509821
Receiving objects: 100% (509870/509870), 415.71 MiB | 8.61 MiB/s, done.
Resolving deltas: 100% (372897/372897), done.
Updating files: 100% (10064/10064), done.
root@kali:/var/www/html# service apache2 start
```
## Verification Steps
1. Install a git repo in a web server
2. Start msfconsole
3. Do: ```use auxiliary/scanner/http/git_scanner```
4. Do: ```set rhosts [ip]```
5. Do: ```run```
6. You should get information about the git repo
## Options
**GIT_CONFIG**
Attempts to locate the `config` file, which may contain useful information. Default is `true`.
**GIT_INDEX**
Attempts to locate the `index` file, which identifies the git version and number of files. Default is `true`.
**TARGETURI**
Where the `.git` folder is located. Default is `/.git/`
**UserAgent**
The user agent to emulate. Default is `git/1.7.9.5`.
## Scenarios
### Metasploit git on Kali
```
msf5 > use auxiliary/scanner/http/git_scanner
msf5 auxiliary(scanner/http/git_scanner) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf5 auxiliary(scanner/http/git_scanner) > set TARGETURI /metasploit-framework/.git/
TARGETURI => /metasploit-framework/.git/
msf5 auxiliary(scanner/http/git_scanner) > run
[+] http://127.0.0.1/metasploit-framework/.git/ - git repo (version 2) found with 10064 files
[+] http://127.0.0.1/metasploit-framework/.git/config - git config file found
[+] Saved file to: /root/.msf4/loot/20191007202314_default_127.0.0.1_config_236738.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
Reference in New Issue View Git Blame Copy Permalink