Vulnerable Application
This module looks for a .git folder on a web server, and attempts to read the config and index files to gather information about the repo.
Environment
On Kali, we can clone Metasploit into the Apache web root to create a vulnerable environment.
root@kali:~# cd /var/www/html/
root@kali:/var/www/html# git clone https://github.com/rapid7/metasploit-framework.git
Cloning into 'metasploit-framework'...
remote: Enumerating objects: 49, done.
remote: Counting objects: 100% (49/49), done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 509870 (delta 18), reused 20 (delta 8), pack-reused 509821
Receiving objects: 100% (509870/509870), 415.71 MiB | 8.61 MiB/s, done.
Resolving deltas: 100% (372897/372897), done.
Updating files: 100% (10064/10064), done.
root@kali:/var/www/html# service apache2 start
Verification Steps
- Install a git repo in a web server
- Start msfconsole
- Do: use auxiliary/scanner/http/git_scanner
- Do: set rhosts [ip]
- Do: run
- You should get information about the git repo
Options
GIT_CONFIG
Attempts to locate the config file, which may contain useful information. Default is true.
GIT_INDEX
Attempts to locate the index file, which identifies the git version and number of files. Default is true.
TARGETURI
Where the .git folder is located. Default is /.git/
UserAgent
The user agent to emulate. Default is git/1.7.9.5.
Scenarios
Metasploit git on Kali
msf5 > use auxiliary/scanner/http/git_scanner
msf5 auxiliary(scanner/http/git_scanner) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf5 auxiliary(scanner/http/git_scanner) > set TARGETURI /metasploit-framework/.git/
TARGETURI => /metasploit-framework/.git/
msf5 auxiliary(scanner/http/git_scanner) > run
[+] http://127.0.0.1/metasploit-framework/.git/ - git repo (version 2) found with 10064 files
[+] http://127.0.0.1/metasploit-framework/.git/config - git config file found
[+] Saved file to: /root/.msf4/loot/20191007202314_default_127.0.0.1_config_236738.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
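
The version and file count in the output above come from the 12-byte header of the git index file (signature DIRC, format version, entry count). The following is an added example, not code from the Metasploit module: a local audit a defender can run over their own web root to list every .git directory that would be served and what its index and config would reveal. The function names, the docroot argument and the sample repository are assumptions constructed for this example.

```ruby
# Added example (not Metasploit code): audit a local web root for .git exposure.
require 'find'
require 'tmpdir'
require 'fileutils'

# Git index header: 4-byte signature "DIRC", then two big-endian 32-bit
# integers: index format version and number of entries.
def parse_index_header(bytes)
  return nil if bytes.nil? || bytes.bytesize < 12
  sig, version, entries = bytes.unpack('a4NN')
  return nil unless sig == 'DIRC' && [2, 3, 4].include?(version)
  { version: version, entries: entries }
end

# Walk docroot (hypothetical path supplied by the caller) and report every
# .git directory, with what its index and config would reveal if served.
def audit_docroot(docroot)
  findings = []
  Find.find(docroot) do |path|
    next unless File.directory?(path) && File.basename(path) == '.git'
    index = File.join(path, 'index')
    header = File.file?(index) ? parse_index_header(File.binread(index, 12)) : nil
    findings << {
      url_path: '/' + path.delete_prefix(docroot).sub(%r{\A/+}, '') + '/',
      index: header,
      config_present: File.file?(File.join(path, 'config'))
    }
    Find.prune # do not descend into the object store
  end
  findings
end

# Constructed sample: a fake docroot holding one repo with a 12-byte index header.
def demo
  Dir.mktmpdir do |root|
    git = File.join(root, 'app', '.git')
    FileUtils.mkdir_p(git)
    File.binwrite(File.join(git, 'index'), ['DIRC', 2, 10064].pack('a4NN'))
    File.write(File.join(git, 'config'), "[core]\n\trepositoryformatversion = 0\n")
    audit_docroot(root)
  end
end

demo.each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```

Any finding means the repository metadata sits under the served tree; moving .git out of the document root or denying requests to it in the web server configuration removes the exposure.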