Find Exposed .git Folders with Credentials

PRO

Discover exposed Git repositories that may contain hardcoded API keys, database passwords, and AWS credentials

Intermediate
High risk - authorized use only
bug bounty

Google Dork Query:

••••••••••••••••••••••••••••••••••
0
Not verified

What It Does

Searches for publicly accessible .git directories which attackers can clone to access complete source code history, potentially including sensitive credentials that developers accidentally committed.

Common Use Cases

  • Bug Bounty Hunting: Find high-severity vulnerabilities in bug bounty programs
  • Credential Exposure: Identify leaked API keys and passwords in source code
  • Code Review: Analyze application security by reviewing exposed source

How to Use Safely

  1. Click the "Copy Query" button above
  2. Navigate to google.com in a new tab
  3. Paste the query into Google's search box
  4. Review results carefully - Only interact with authorized systems
  5. Always obtain authorization before security testing

Responsible Use Required

This dork should only be used on systems you own or have explicit authorization to test. Unauthorized access to computer systems is illegal. Always follow ethical guidelines and obtain proper permission before testing.

TAGS

git
credentials
secrets
source-code

Related Dorks

Find Public Jira Dashboards

Discover exposed Jira project management dashboards that may contain sensitive project information.

Exposed Git Repositories

Find publicly accessible .git directories that may expose source code and commit history.

AWS S3 Bucket Listings

Find publicly accessible Amazon S3 buckets that may contain sensitive data.