Owning all .svn and .git repositories
dvcs-ripper is used to rip version control systems such as SVN, Git, Mercurial (hg), and Bazaar. The tool is built in Python and is pretty simple to use. In this recipe, you will learn how to use the tool to rip the repositories.
This vulnerability exists because, most of the time, developers using a version control system host their repository in production. Leaving these folders (such as .git and .svn) on the server allows a hacker to download the whole source code.
How to do it...
The following steps demonstrate how to rip repositories:
- We can download dvcs-ripper.git from GitHub using:
git clone https://github.com/kost/dvcs-ripper.git
- We browse the dvcs-ripper directory:
- To rip a Git repository, the command is very simple:
rip-git.pl -v -u http://www.example.com/.git/
- We let it run and then we should see a .git folder created, and in it, we should see the source code:
- Similarly, we can use the following command to rip SVN:
rip-svn.pl -v -u http://www.example.com/.svn...
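From the defender's side, the exposure this recipe relies on shows up in web server access logs as successfully served requests for paths under .git, .svn, .hg or .bzr. The following Python script is an added example, not part of the original recipe or of dvcs-ripper; it assumes combined-format access logs, and the function name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Metadata directories of the version control systems named in the recipe.
VCS_PATH = re.compile(r"^/(?:[^?#]*/)?\.(git|svn|hg|bzr)(?:/|$)", re.IGNORECASE)

# Assumed format (common/combined): ip - - [time] "METHOD path PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_vcs_exposure(lines):
    """Return {client_ip: {"hits": n, "served": [paths answered with 2xx]}}."""
    report = defaultdict(lambda: {"hits": 0, "served": []})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not VCS_PATH.match(path):
            continue  # not a request for VCS metadata
        entry = report[m.group("ip")]
        entry["hits"] += 1
        if m.group("status").startswith("2"):
            entry["served"].append(path)  # the server actually returned the file
    return dict(report)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.git/config HTTP/1.1" 200 301 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.git/index HTTP/1.1" 200 48210 "-" "-"
203.0.113.9 - - [10/Mar/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [10/Mar/2024:10:05:03 +0000] "GET /blog/.svn/entries HTTP/1.1" 404 162 "-" "-"
203.0.113.9 - - [10/Mar/2024:10:05:04 +0000] "GET /about.gitignore.html HTTP/1.1" 200 900 "-" "-"
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_vcs_exposure(SAMPLE_LOG).items():
        state = "EXPOSED" if info["served"] else "probed, not served"
        print(f"{ip}: {info['hits']} VCS requests, {state}: {info['served']}")
```

Any client with a non-empty "served" list means the web server is handing out repository metadata; the fix is to remove those folders from the web root or deny access to them in the server configuration.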