Very basic logs parser, just for HEAD. A start on the enhancement for #7

tautology0 · Oct 21, 2020 · 67520d0 · 67520d0
1 parent 9b2b7e3
commit 67520d0
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ usage: git-grab [-h] [--cache [CACHE]] [--verbose] [--outdir OUTDIR]
 Abuse .git repos on web servers
 
 positional arguments:
-  action           Action to perform: ls, download, view, scan, discover
+  action           Action to perform: ls, download, view, scan, discover, logs
   files            list of file globs
 
 optional arguments:
@@ -85,3 +85,6 @@ This will perform a diff between two versions of a file using Python's difflib.
 ```git-grab --url vulnerablesite.com diff admin.php 0 1```
 
 Discover will need to be run first so that git-grab can try and discover any different versions in place in the archive.
+
+### logs
+This will dump the logs, showing commit comments and the users doing the commit. A future enhancement will tie this into discovery.
diff --git a/git-grab b/git-grab
@@ -362,6 +362,20 @@ if args.action == "diff":
 
 	exit(0)
 
+if args.action == "logs":
+	# Attempt to make sense of the git logs, we can discover from this too
+	# Start with HEAD
+	try:
+		thisfile=opencachefile(f"{url}/.git/logs/HEAD")
+	except Exception as e:
+		error(f"Could not obtain HEAD log")
+
+	for line in thisfile:
+		out=re.search(r"(.+?) (.*?) (.*?>) (.*)?\t(.*)$", line.decode().rstrip("\n"))
+		print(f"{out.group(3)}\n\t{out.group(5)}")
+
+	exit(0)
+
 if args.action == "download" or args.action == "view":
 	files=set()
 	params=args.files