id: git-mailmap info: name: Git Mailmap File Disclosure author: geeknik,DhiyaneshDK severity: low description: Git Mailmap file is exposed. reference: https://man7.org/linux/man-pages/man5/gitmailmap.5.html metadata: verified: true max-request: 1 shodan-query: html:mailmap tags: config,exposure,git,mailmap,files http: - method: GET path: - "{{BaseURL}}/.mailmap" matchers-condition: and matchers: - type: regex regex: - "(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21\\x23-\\x5b\\x5d-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21-\\x5a\\x53-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])+)\\])" - type: word part: header words: - "application/octet-stream" - type: word part: body words: - "# Theresa O'Connor:" negative: true - type: status status: - 200 # digest: 4a0a00473045022100aea6f55c151da3533a23fff3ea34789c86f4e8634e81e427401c5159d18a3e7102207ec7da22ef8807432cfed1241fe2527f7104a0fdb90d7087a93a0a33fe364798:922c64590222798bb761d5b6d8e72950