Skip to content

Double quote to prevent globbing and word splitting #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Double quote to prevent globbing and word splitting #2

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3c5b55a
Double quote to prevent globbing and word splitting
Jun 22, 2020
2dcfae6
Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
Jun 23, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 25 additions & 25 deletions gitscanner.sh
100644 → 100755
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,10 @@ LINK='https://github.com/HightechSec/'
Codename='Assassin Actual'
Vers=1.0.2#beta
function banner(){
echo -e ${CP}" ___ ___ __ _ _ __ _ __ ___ _ __ "
echo -e ${CP}"/ __|/ __/ _' | '_ \| '_ \ / _ \ '__| "
echo -e ${CP}"\__ \ (_| (_| | | | | | | | __/ | "
echo -e ${CP}"|___/\___\__,_|_| |_|_| |_|\___|_| "
echo -e "${CP}"" ___ ___ __ _ _ __ _ __ ___ _ __ "
echo -e "${CP}""/ __|/ __/ _' | '_ \| '_ \ / _ \ '__| "
echo -e "${CP}""\__ \ (_| (_| | | | | | | | __/ | "
echo -e "${CP}""|___/\___\__,_|_| |_|_| |_|\___|_| "
echo -e "${BLUE2}A Framework for Scanning and Dumping"
echo -e " ${BLUE2}Exposed Git Repository"
}
Expand Down Expand Up @@ -131,13 +131,13 @@ function download_item() {

if [[ "$objname" =~ /[a-f0-9]{2}/[a-f0-9]{38} ]]; then
cwd=$(pwd)
cd "$BASEDIR"
cd "$BASEDIR" || exit

hash=$(echo "$objname" | sed -e 's~objects~~g' | sed -e 's~/~~g')

type=$(git cat-file -t "$hash" 2> /dev/null)
if [ $? -ne 0 ]; then
cd "$cwd"
cd "$cwd" || exit
rm "$target"
return
fi
Expand All @@ -148,7 +148,7 @@ function download_item() {
hashes+=($(git cat-file -p "$hash" | strings -a | grep -oE "([a-f0-9]{40})"))
fi

cd "$cwd"
cd "$cwd" || exit
fi

hashes+=($(cat "$target" | strings -a | grep -oE "([a-f0-9]{40})"))
Expand All @@ -166,7 +166,7 @@ function download_item() {

}
function extractor(){
cd $BASEDIR
cd "$BASEDIR" || exit
git checkout .
}
start_download && extractor
Expand All @@ -191,27 +191,27 @@ function traverse_tree() {
local path=$2

#Read blobs/tree information from root tree
git ls-tree $tree |
git ls-tree "$tree" |
while read leaf; do
type=$(echo $leaf | awk -F' ' '{print $2}') #grep -oP "^\d+\s+\K\w{4}");
hash=$(echo $leaf | awk -F' ' '{print $3}') #grep -oP "^\d+\s+\w{4}\s+\K\w{40}");
name=$(echo $leaf | awk '{$1=$2=$3=""; print substr($0,4)}') #grep -oP "^\d+\s+\w{4}\s+\w{40}\s+\K.*");
type=$(echo "$leaf" | awk -F' ' '{print $2}') #grep -oP "^\d+\s+\K\w{4}");
hash=$(echo "$leaf" | awk -F' ' '{print $3}') #grep -oP "^\d+\s+\w{4}\s+\K\w{40}");
name=$(echo "$leaf" | awk '{$1=$2=$3=""; print substr($0,4)}') #grep -oP "^\d+\s+\w{4}\s+\w{40}\s+\K.*");

# Get the blob data
git cat-file -e $hash;
git cat-file -e "$hash";
#Ignore invalid git objects (e.g. ones that are missing)
if [ $? -ne 0 ]; then
continue;
fi

if [ "$type" = "blob" ]; then
echo -e "${NEW}[+] Found file: $path/$name"
git cat-file -p $hash > "$path/$name"
git cat-file -p "$hash" > "$path/$name"
else
echo -e "${NEW}[+] Found folder: $path/$name"
mkdir -p "$path/$name";
#Recursively traverse sub trees
traverse_tree $hash "$path/$name";
traverse_tree "$hash" "$path/$name";
fi

done;
Expand All @@ -225,11 +225,11 @@ function traverse_commit() {
#Create folder for commit data
echo -e "${NEW}[+] Found commit: $commit";
path="$base/$count-$commit"
mkdir -p $path;
mkdir -p "$path";
#Add meta information
git cat-file -p "$commit" > "$path/commit-meta.txt"
#Try to extract contents of root tree
traverse_tree $commit $path
traverse_tree "$commit" "$path"
}

#Current directory as we'll switch into others and need to restore it.
Expand All @@ -242,28 +242,28 @@ if [ "${TARGETDIR:0:1}" != "/" ]; then
TARGETDIR="$OLDDIR/$TARGET"
fi

cd $SOURCE
cd "$SOURCE" || exit

#Extract all object hashes
find ".git/objects" -type f |
sed -e "s/\///g" |
sed -e "s/\.gitobjects//g" |
while read object; do

type=$(git cat-file -t $object)
type=$(git cat-file -t "$object")

# Only analyse commit objects
if [ "$type" = "commit" ]; then
CURDIR=$(pwd)
traverse_commit "$TARGETDIR" $object $COMMITCOUNT
cd $CURDIR
traverse_commit "$TARGETDIR" "$object" $COMMITCOUNT
cd "$CURDIR" || exit

COMMITCOUNT=$((COMMITCOUNT+1))
fi

done;

cd $OLDDIR;
cd "$OLDDIR" || exit;
}
#Menu Scan&Dump
function ScanDumpMenu(){
Expand Down Expand Up @@ -308,7 +308,7 @@ function mass_sdump(){
return 1
fi
clear
for SITE in $(cat $LISTS);
for SITE in $(cat "$LISTS");
do
echo ""
echo -e "${PINK}Scan & Dump process started..."
Expand Down Expand Up @@ -399,7 +399,7 @@ function mass_scan(){
return 1
fi
clear
for SITE in $(cat $LISTS);
for SITE in $(cat "$LISTS");
do
echo ""
echo -e "${PINK}Scanning process started..."
Expand Down Expand Up @@ -484,7 +484,7 @@ function mass_dump(){
return 1
fi
clear
for SITE in $(cat $LISTS);
for SITE in $(cat "$LISTS");
do
echo ""
echo -e "${PINK}Dumping process started..."
Expand Down