# Git

If a _.git_ directory is found in a web application you can download all the content using _wget -r http://web.com/.git._ Then, you can see the changes made by using _git diff_.

The tools: [Git-Money](https://github.com/dnoiz1/git-money), [DVCS-Pillage](https://github.com/evilpacket/DVCS-Pillage) and [GitTools](https://github.com/internetwache/GitTools) can be used to retrieve the content of a git directory.

The tool [https://github.com/cve-search/git-vuln-finder](https://github.com/cve-search/git-vuln-finder) can be used to search for CVEs and security vulnerability messages inside commits messages.

The tool [https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob) search for sensitive data in the repositories of an organisations and its employees.

 [Repo security scanner](https://github.com/UKHomeOffice/repo-security-scanner) is a command line-based tool that was written with a single goal: to help you discover GitHub secrets that developers accidentally made by pushing sensitive data. And like the others, it will help you find passwords, private keys, usernames, tokens and more.

 [TruffleHog](https://github.com/dxa4481/truffleHog) searches through GitHub repositories and digs through the commit history and branches, looking for accidentally committed secrets

Here you can find an study about github dorks: [https://securitytrails.com/blog/github-dorks](https://securitytrails.com/blog/github-dorks)