Enumerate version information from a target using Git.
The blog post explaining the technique is available here:
https://blog.secarma.co.uk/git-fingerprint-tool-release
This tool was publicly demonstrated at BSides Scotland 2018 along with a bunch of other techniques using Git with pentesting. The slides and video of that talk available here:
https://blog.secarma.co.uk/labs/hacking-with-git-the-video
If you are interested.
I have developed and tested this on a Kali VM. A trial installation was done in a clean VM using "Kali 2018.2" image from this URL:
http://cdimage.kali.org/kali-2018.2/kali-linux-2018.2-amd64.iso
Your mileage will vary for any other version or OS.
Kali 2018.2 ships without python3’s pip so you need to install that:
apt-get install python3-pipThis was the only required OS package.
Only 3 modules were required in Kali 2018.2. To install those use “pip3 install” as shown below:
Update from 2024: I had the foresight to write this in Python3. But not that OSes would move to their own package manager to maintain requirements. I found that this worked for me when I needed it now. I had to use a venv and then install the requirements in there.
apt install python3.11-venv
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txtLaunch the command prompt interface using the command below:
python3 interface.pyThis will launch the CMD2 powered prompt which displays a usage workflow:
Follow the suggested workflow to fingerprint your target.
The path used to point to the local repository should be one directory higher than the "git-fingerprint" folder. Such that "../foldername/" is the path. This is so the URLs passed during downloading are correct. If you used "/tmp/foldername" then the download URL would include "/tmp/".
I may address this later with a patch. For now save your target repository so that you have this folder structure:
..
git-fingerprint
foldername
So the target repository folder (foldername) is in the same parent folder as "git-fingerprint"
You can have that because CMD2 supports commands via the command line. Specify each command, and its inputs, within quotes. For example, you can enumerate and show the file extensions within a repository using this command:
python3 interface.py "set_repo_path ../PhotoShow/" "findextensions" "show_extensions" "quit"In the above "../PhotoShow/" was a valid git repository one folder higher than the git-fingerprint folder. Commands execute one after the other.
Yes you can. CMD2 ships with the "load" command which takes commands from a file and executes. For example, save your commands into a file "commands.txt". Then execute using "load commands.txt" either via the command prompt or via the command line interfaces. The following shows the command line executing those commands:
python3 interface.py "load commands.txt"CMD2 gives you a built in "help" command. Type "help" and get a short summary as shown:
You can get more verbose help with "help -v":
You can get advanced help with each command using the "help " syntax as shown:
If these do not solve your problem you can always try a ticket on GitHub or to tag me on Twitter @cornerpirate.