Script http-git

Script types: portrule
Categories: default, safe, vuln
Download: https://svn.nmap.org/nmap/scripts/http-git.nse

Script Summary

Checks for a Git repository found in a website's document root /.git/<something>) and retrieves as much repo information as possible, including language/framework, remotes, last commit message, and repository description.

Script Arguments

http-git.root

URL path to search for a .git directory. Default: /

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sV -sC <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-git:
|   127.0.0.1:80/.git/
|     Git repository found!
|     .git/config matched patterns 'passw'
|     Repository description: Unnamed repository; edit this file 'description' to name the...
|     Remotes:
|       http://github.com/someuser/somerepo
|     Project type: Ruby on Rails web application (guessed from .git/info/exclude)
|   127.0.0.1:80/damagedrepository/.git/
|_    Potential Git repository found (found 2/6 expected files)

Requires

• http
• shortport
• stdnse
• string
• table

---

Author:

• Alex Weber

License: Same as Nmap--See https://nmap.org/book/man-legal.html