Git Repositories

Table of contents

  1. Vulnerability
  2. Prerequisites
  3. Exploit
  4. Useful links
  5. Recommendations

Vulnerability

Sometimes you’ll find sensitive information such as passwords, secrets, hashes, keys, usernames or emails in public git repositories. Since git is a versioning tool, this information is not necessarily in the current files: it may sit in old commits, where a later commit was meant to delete it but the earlier version is still present in the history and can be retrieved.
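The point above, as an added example that is not part of the original page: a check you can run on your own repository before publishing it, showing that a "remove the secret" commit leaves the value in history. The function names, the file name `config.env` and the key value are constructed for the demo; the repository is a throwaway one created under a temporary directory.

```shell
#!/bin/sh
# Added example. All names and the key value are constructed placeholders.

# Build a throwaway repository: commit 1 adds a secret, commit 2 deletes it.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    git -C "$repo" config user.email "demo@example.invalid"
    git -C "$repo" config user.name "demo"
    printf 'API_KEY=CONSTRUCTED-EXAMPLE-0000\n' > "$repo/config.env"
    git -C "$repo" add config.env
    git -C "$repo" commit -q -m "add config"
    git -C "$repo" rm -q config.env
    git -C "$repo" commit -q -m "remove secret"
    printf '%s\n' "$repo"
}

# Number of files in the current HEAD tree that match the pattern.
count_in_head() {
    git -C "$1" grep -l -e "$2" HEAD 2>/dev/null | wc -l | tr -d ' '
}

# Subjects of commits, on any ref, whose diff adds or removes a matching line.
commits_touching() {
    git -C "$1" log --all --format=%s -G "$2"
}

# Matching lines that were ever added anywhere in history (deduplicated).
leaked_lines() {
    git -C "$1" log --all -p --format= -G "$2" \
        | grep -E "^\+.*$2" | sed 's/^+//' | sort -u
}

# Demo run: HEAD looks clean, history does not.
demo=$(make_demo_repo)
echo "files matching in HEAD: $(count_in_head "$demo" 'API_KEY=')"
echo "commits touching the pattern:"
commits_touching "$demo" 'API_KEY='
echo "lines still recoverable from history:"
leaked_lines "$demo" 'API_KEY='
rm -rf "$demo"
```

A clean HEAD with a non-empty `leaked_lines` result means the secret has to be treated as exposed and rotated; deleting the file in a new commit does not take it out of the repository.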

Prerequisites

  • Internet connection.

Exploit

You can do it automatically…

# ...using gitleaks ($path is the local clone to scan).
gitleaks detect -v -s "$path"

Or manually, using the following links.

Recommendations

  • Don’t store plaintext secrets in git repositories, especially public ones.
  • Instead, use vaults or key managers to securely manage secrets’ lifecycle.