Feb 04, 2015
**Get Git** is a Chrome extension that I hammered out today, inspired by these slides. Get Git recursively traverses the websites you browse, hunting for misconfigured, web-accessible Git repos — and of course, once you have access to the .git/ directory, it’s open season on source code, API keys, hard-coded passwords, and even internal network structure if they’ve liberally set up remote origins.
There’s actually a lot of sensitive info available in Git repos, and I was interested in how many of the sites I browse are revealing things. Get Git also handles websites with directory listings turned off, so even half-baked security won’t hide the repo.
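
For site owners, the same exposure shows up in your own access logs: a server can refuse the `.git/` directory listing and still hand out the files inside it. The following is an added example, not code from Get Git or the original post; it assumes Common Log Format access logs, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format request/status fields: "METHOD target PROTO" status
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Any path segment equal to ".git", at any depth
GIT_SEGMENT = re.compile(r'(^|/)\.git(/|$)', re.IGNORECASE)

# Constructed sample access-log lines (not real traffic)
SAMPLE_LOG = """\
198.51.100.7 - - [04/Feb/2015:10:00:01 +0000] "GET /.git/ HTTP/1.1" 403 199
198.51.100.7 - - [04/Feb/2015:10:00:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23
198.51.100.7 - - [04/Feb/2015:10:00:03 +0000] "GET /.git/config HTTP/1.1" 200 262
203.0.113.9 - - [04/Feb/2015:10:05:00 +0000] "GET /blog/%2egit/index HTTP/1.1" 404 162
203.0.113.9 - - [04/Feb/2015:10:05:09 +0000] "GET /docs/git-intro.html HTTP/1.1" 200 5120
""".splitlines()

def audit_git_exposure(lines):
    """Split .git requests into those the server answered and those it refused."""
    served, refused = set(), set()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a parsable access-log line
        path = unquote(urlsplit(m.group("target")).path)  # decode %2e etc.
        if not GIT_SEGMENT.search(path):
            continue
        status = int(m.group("status"))
        (served if 200 <= status < 300 else refused).add(path)
    return {
        "served": sorted(served),
        "refused": sorted(refused),
        # Listing refused but files still served: the "half-baked" case
        "listing_off_but_exposed": bool(served)
        and any(p.endswith("/.git/") for p in refused),
    }

if __name__ == "__main__":
    print(audit_git_exposure(SAMPLE_LOG))
```

Any entry under `served` means repository files left the server; the fix is to deny every path under `.git/` in the web server configuration or to keep the repository outside the document root.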