Git Repositories
Vulnerability
Sometimes you’ll find sensitive information in public git repositories, such as passwords, secrets, hashes, keys, usernames or emails. Since git is a versioning tool, such information is not necessarily in the current files: it may sit in old commits. A later commit that aimed to delete it leaves it in the history, where it can still be retrieved.
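The following is an added example (not part of the original page, and not gitleaks' own code) showing why a "delete the secret" commit does not remove it. It walks `git log -p --reverse` output and records which commit added a secret-looking line and which commit removed it. The regex rule, the sample log and the function name `scan_history` are constructed for illustration.

```python
import re
# Illustrative rule only (assumption); scanners such as gitleaks ship far larger rule sets.
RULE = re.compile(r"(?i)\b(?:password|secret|api_key)\s*[:=]\s*\S{6,}")

# Constructed sample of `git log -p --reverse` output: the second commit "removes" the secret.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
Author: Dev <dev@example.com>
Date:   Mon Jan 1 10:00:00 2024 +0000

    add config

diff --git a/config.ini b/config.ini
--- /dev/null
+++ b/config.ini
@@ -0,0 +1,2 @@
+[db]
+password = constructed-value-1

commit 2222222222222222222222222222222222222222
Author: Dev <dev@example.com>
Date:   Mon Jan 1 11:00:00 2024 +0000

    remove password

diff --git a/config.ini b/config.ini
--- a/config.ini
+++ b/config.ini
@@ -1,2 +1 @@
 [db]
-password = constructed-value-1
"""

def scan_history(log_text):
    """Map (path, match) -> commit that added it and commit that removed it, if any."""
    findings, commit, path, in_hunk = {}, None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1], False
        elif line.startswith("diff --git "):
            path, in_hunk = line.split(" b/", 1)[1], False
        elif line.startswith("@@"):
            in_hunk = True  # file headers (---/+++) are over; +/- now mean content
        elif in_hunk and line.startswith(("+", "-")):
            m = RULE.search(line[1:])
            if m and line[0] == "+":    # secret enters the tree
                findings.setdefault((path, m.group(0)), {"added_in": commit})["removed_in"] = None
            elif m and (path, m.group(0)) in findings:  # deleted from tree, kept in history
                findings[(path, m.group(0))]["removed_in"] = commit
    return findings
```

On a real repository, feed it the output of `git log -p --reverse --all`. Any entry with a non-empty `removed_in` is gone from the working tree but still present in history, so the credential has to be rotated.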
Prerequisites
- Internet connection.
Exploit
You can do it automatically…
# ...using gitleaks.
gitleaks detect -v -s "$path"
Or manually, using the following links.
Useful links
Recommendations
- Don’t store plaintext secrets in git repositories, especially public ones.
- Instead, use vaults or key managers to securely manage secrets’ lifecycle.