Git and SVN

Default Ports: 9418 (Git), 3690 (SVN), 80/443 (HTTP/HTTPS)

Git and SVN are source code version control systems. In pentests, exposed repositories can leak source code, commit history, credentials, deployment scripts, CI configs, and internal architecture.

Connect

Using Git

Use Git clients to test clone and ls-remote access.

git ls-remote git://target.com/project.git
git clone git://target.com/project.git
git clone https://target.com/project.git

Using SVN

Use SVN clients to list repositories and checkout accessible paths.

svn list svn://target.com/
svn checkout svn://target.com/project
svn list https://target.com/svn/project

Using curl

HTTP checks reveal exposed .git, SVN, cgit, GitWeb, or repository portals.

curl -I https://target.com/.git/
curl -I https://target.com/.svn/
curl -I https://target.com/git/
curl -I https://target.com/svn/

Recon

Service Detection with Nmap

Scan native Git, native SVN, and web repository ports.

nmap -p 80,443,3690,9418 -sV target.com
nmap -p 80,443 --script http-title,http-headers target.com
nmap -p 3690,9418 --open -sV 10.10.10.0/24

Web Repository Discovery

Look for common repository interfaces and leaked metadata directories.

ffuf -u https://target.com/FUZZ -w wordlist.txt -mc all
curl -I https://target.com/.git/HEAD
curl -I https://target.com/.svn/entries
curl -I https://target.com/.git/config

Git Protocol Discovery

The Git protocol may allow unauthenticated clone or repository listing.

git ls-remote git://target.com/repo.git
nmap -p 9418 -sV target.com

SVN Discovery

SVN may expose repository roots, branches, and revision history.

svn list svn://target.com/
svn info svn://target.com/project
nmap -p 3690 -sV target.com

Enumeration

Exposed .git Enumeration

An exposed .git directory can allow full source recovery.

curl https://target.com/.git/HEAD
curl https://target.com/.git/config
git-dumper https://target.com/.git/ ./dumped-git
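
Seen from the server side, the probes above show up in the web access log. The following added example (not part of the original page) separates metadata-path requests that were only attempted from those the server answered with a 2xx. It assumes the common/combined log format; the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: flag requests for VCS metadata paths in a web access log.
# Assumes common/combined log format; the sample lines are constructed.

sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2025:09:14:01 +0000] "HEAD /.git/ HTTP/1.1" 403 0 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:09:14:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:09:14:02 +0000] "GET /.git/config HTTP/1.1" 200 297 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2025:09:15:10 +0000] "GET /docs/git-guide.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:09:16:44 +0000] "GET /.svn/wc.db HTTP/1.1" 404 162 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2025:09:17:03 +0000] "GET /.gitignore HTTP/1.1" 404 162 "-" "Mozilla/5.0"
EOF
}

# Print "client status path" for every request that touches a .git or .svn
# directory. Files such as /.gitignore or /docs/git-guide.html do not match.
vcs_probes() {
    awk '{
        path = $7; sub(/\?.*/, "", path)        # drop the query string
        p = tolower(path)                       # case-insensitive file systems
        if (p ~ /\/\.(git|svn)\// || p ~ /\/\.(git|svn)$/) print $1, $9, path
    }'
}

# Paths the server actually returned (2xx): confirmed exposure, not just probing.
served_vcs_paths() {
    vcs_probes | awk '$2 ~ /^2/ { print $3 }' | sort -u
}

# Clients that requested metadata paths, with request counts, busiest first.
probing_clients() {
    vcs_probes | awk '{ n[$1]++ } END { for (c in n) print n[c], c }' | sort -rn
}

sample_log | served_vcs_paths
```

Any path printed by `served_vcs_paths` means the metadata directory is reachable and should be blocked at the web server or removed from the document root.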

Git Repository Enumeration

After cloning, enumerate branches, tags, remotes, and logs.

git branch -a
git tag
git remote -v
git log --oneline --all --decorate

Git History Enumeration

Secrets often appear in old commits even when removed later.

git log --all --stat
git grep -n -I 'password\|secret\|token\|apikey' $(git rev-list --all)
gitleaks detect --source .
trufflehog git file://$(pwd)
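
The point above, as an added example that is not from the original page: a throwaway repository gets a token committed and then removed, and the counts show that the tip is clean while history still holds the value. The repository, file name and token string are constructed; only `git` itself is assumed.

```shell
#!/bin/sh
# Added demo: a secret removed in a later commit is still stored in history.
# Repo contents, file name and token value below are constructed.

make_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.name "demo"
        git config user.email "demo@example.invalid"
        git config commit.gpgsign false
        printf 'DB_HOST=db.example.invalid\nAPI_TOKEN=CONSTRUCTED-PLACEHOLDER\n' > app.env
        git add app.env
        git commit -q -m "add config"
        printf 'DB_HOST=db.example.invalid\n' > app.env
        git commit -q -am "remove token from config"
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

# Lines matching the pattern in the current tip (what a HEAD-only review sees).
count_head_hits() {
    git -C "$1" grep -I -n "$2" HEAD | wc -l | tr -d ' '
}

# Lines matching the pattern in any commit reachable from any ref.
count_history_hits() {
    git -C "$1" grep -I -n "$2" $(git -C "$1" rev-list --all) | wc -l | tr -d ' '
}

# Commits that added or removed the string: the ones a history rewrite must cover.
commits_touching() {
    git -C "$1" log --all --format=%h -S"$2" | wc -l | tr -d ' '
}

demo_repo=$(make_demo_repo) && {
    echo "HEAD hits:    $(count_head_hits "$demo_repo" API_TOKEN)"
    echo "history hits: $(count_history_hits "$demo_repo" API_TOKEN)"
    echo "commits:      $(commits_touching "$demo_repo" API_TOKEN)"
    rm -rf "$demo_repo"
}
```

A non-zero history count after a "removal" commit means the credential has to be rotated; deleting the line in a new commit does not withdraw it from anyone who can read the repository.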

SVN Repository Enumeration

SVN history and properties can expose old files and metadata.

svn list -R svn://target.com/project
svn log svn://target.com/project
svn info svn://target.com/project
svn propget -R svn:externals svn://target.com/project

SVN Working Copy Enumeration

Leaked .svn directories can expose source and repository URLs.

curl https://target.com/.svn/entries
curl https://target.com/.svn/wc.db -o wc.db
sqlite3 wc.db 'select local_relpath, repos_path from NODES limit 20;'

Attack Vectors

Anonymous Clone

Anonymous clone exposes current source and sometimes full history.

git clone git://target.com/project.git
git clone https://target.com/project.git
svn checkout svn://target.com/project

Exposed Metadata Directory

Leaked .git or .svn directories can be used to reconstruct private code.

git-dumper https://target.com/.git/ ./dumped-git
curl https://target.com/.svn/wc.db -o wc.db
sqlite3 wc.db 'select local_relpath, repos_path from NODES limit 20;'

Secret Leakage

Search source and history for credentials and tokens.

gitleaks detect --source .
trufflehog git file://$(pwd)
rg -n 'password|passwd|secret|token|apikey|private_key|BEGIN RSA|AWS_ACCESS_KEY' .

Writable Repository Access

Write access can alter code, CI configs, hooks, or release assets.

git push origin test-branch
svn commit -m "authorized test commit"

CI/CD Pivot

Repository files often reveal build systems and deployment secrets.

rg -n 'Jenkinsfile|gitlab-ci|github/workflows|deploy|kubeconfig|helm|docker login|registry' .
rg -n 'NEXUS|ARTIFACTORY|HARBOR|AWS_|AZURE_|GCP_|DOCKER_' .

Post-Exploitation

Repository Impact Review

Document branches, tags, remotes, and sensitive paths.

git branch -a > branches.txt
git tag > tags.txt
git remote -v > remotes.txt
git log --oneline --all > commits.txt

Secret Validation

Do not use secrets broadly; validate scope safely and report rotation needs.

gitleaks detect --source . --report-format json --report-path gitleaks.json
trufflehog filesystem . --json > trufflehog.json

Internal Mapping

Source code reveals endpoints, hostnames, and dependencies.

rg -n 'https?://|jdbc:|mongodb://|redis://|amqp://|ldap://|kafka|s3://' .
rg -n 'prod|staging|internal|corp|cluster|namespace|tenant' .

Useful Tools

| Tool | Purpose |
|---|---|
| git | Git clone and history review |
| svn | SVN listing and checkout |
| git-dumper | Exposed .git recovery |
| curl | Metadata path checks |
| ffuf | Directory discovery |
| gitleaks | Secret scanning |
| trufflehog | Secret scanning |
| sqlite3 | SVN wc.db review |

Security Misconfigurations

| Misconfiguration | Risk |
|---|---|
| Anonymous Git clone | Source and history exposure |
| Anonymous SVN checkout | Source and revision exposure |
| Exposed .git directory | Full repository reconstruction |
| Exposed .svn directory | Working copy and source leakage |
| Secrets in history | Credential compromise |
| Writable repository access | Supply-chain compromise |
| CI/CD configs exposed | Build and deployment pivot |
| Weak repository auth | Unauthorized source access |