2 million .git directories exposed! Why .git folders are sensitive & how they are leaked publicly


In this video, we look through research by CyberNews and other independent researchers that exposes the huge problem of publicly accessible .git directories hosted on web servers. These folders contain all the metadata from a git repository, including all the history, commit data and remote host information. This often includes sensitive information that hackers can use to exploit your website.
We look in detail at what .git directories are, what sensitive information they contain and how they become accidentally public.

Links:
CyberNews research - https://cybernews.com/security/millions-git-folders-exposed/
SDCat Research - https://sdcat.medium.com/
Indian gov breach - https://blog.gitguardian.com/indian-government-breached/

Tools
GGShield, detect secrets in git - https://github.com/GitGuardian/ggshield
Amass, in-depth attack surface mapping and asset discovery - https://github.com/OWASP/Amass
DirSearch, Web path scanner - https://github.com/maurosoria/dirsearch
GitJacker - https://github.com/liamg/gitjacker

Intro 0:00
What are .git directories 0:44
Why are .git directories sensitive 0:37
How .git folders get exposed 4:30