Developers can use a new tool named Gitjacker to detect whether they have accidentally uploaded /.git folders online or left sensitive data exposed to potential attacks. The tool was developed by Liam Galvin, a British software engineer, and is written in Go. It is available on GitHub as a free download. The simplest version can scan a domain and let users detect the location of a /.git folder on production systems.
To put this into proper context, developers should never upload /.git folders online. The folder holds complete repository data, such as the commit history, the actual content of each repository file, and configuration.
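A pre-deployment check for the mistake described above, as an added example that is not Gitjacker's code and not from the original article: it walks a local web root before upload and reports every .git directory, which of its parts are present, and whether the config file carries a credential in a remote URL. The function names, the sample directory layout and the token value are constructed for illustration.

```python
import os
import re
import tempfile

# Parts of a .git directory worth reporting: branch ref, config, file content, history.
SENSITIVE = ("HEAD", "config", "objects", "logs")
# A remote URL of the form scheme://user:secret@host carries a credential.
CRED_URL = re.compile(r"url\s*=\s*\w+://[^/\s:@]+:[^/\s@]+@")


def find_git_dirs(webroot):
    """Return one finding per .git directory found under webroot."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # report it, but do not descend into it
        git_dir = os.path.join(dirpath, ".git")
        present = sorted(p for p in SENSITIVE if os.path.exists(os.path.join(git_dir, p)))
        has_cred = False
        config = os.path.join(git_dir, "config")
        if os.path.isfile(config):
            with open(config, encoding="utf-8", errors="replace") as fh:
                has_cred = bool(CRED_URL.search(fh.read()))
        findings.append({
            "path": os.path.relpath(git_dir, webroot),
            "present": present,
            "credential_in_config": has_cred,
        })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_webroot(root):
    """Constructed sample: a site with a .git folder left in a subdirectory."""
    git_dir = os.path.join(root, "app", ".git")
    os.makedirs(os.path.join(git_dir, "objects"))
    os.makedirs(os.path.join(root, "static"))
    with open(os.path.join(git_dir, "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/main\n")
    with open(os.path.join(git_dir, "config"), "w") as fh:
        fh.write('[remote "origin"]\n\turl = https://deploy:EXAMPLE-TOKEN@git.example.invalid/app.git\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for finding in find_git_dirs(tmp):
            print(finding)
```

Run as a build step, a non-empty result is a reason to fail the deployment before anything reaches the production web root.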