Git Fingerprint: web fingerprinting tool
Git Fingerprint is a web fingerprinting tool that attempts to scan a target based on the files a git repository by enumerating over all files ever found in the public web root and comparing cryptographic hashes of each commit, branch or tag in order to calculate the best possible match.
How does it work
This part is pretty simple, git fingerprint works as follows:
- It hashes all files locally (per tag/branch or even commit, depending on how aggressive the scan should be)
- Creates a list of all files that existed in the public web-root (such as js/css) files, try to fetch them from the live server and hash the results
- Once all files have been hashed, a comparison will be made between the files that were successfully downloaded.
- Finally, a sorted list (grouped by tag/commit/branch) is printed out for the user to hopefully see which version of the software the target is running!
- Python 3.6+
- A good CPU
$ pip install git-fingerprint
More info, please read here.
Copyright (c) 2018 Luke Paris (Paradoxis)