id: git-config info: name: Git Config Disclosure author: pd-team & pikpikcu severity: medium description: Searches for the pattern /.git/config on passed URLs. tags: config,git,exposures requests: - raw: - | GET /.git/config HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded Content-Length: 1 Connection: close matchers-condition: and matchers: - type: word words: - "[core]" - type: dsl dsl: - 'contains(tolower(body), "") == false'