The new Gitjacker tool, developed by Liam Galvin, enables developers to find out if they have uploaded .git folders online, which could expose sensitive data to hackers. A .git folder stores repository data, which can provide an attacker access to raw source code and configuration data like database passwords and password salts.
More:
- Galvin explained that web servers with directory listings enabled make attacks on .git folders easier.
- Gitjacker not only finds an exposed .git folder, but also enables the developer to extract the content.
- Unfortunately, Gitjacker can also be abused by hackers to extract sensitive content from exposed .git folders.