Open .git scan – the results

I published an artice about my latest security scan aimed to the exposed git repositories.

The results:

  • 230 000 000 domains checked (the list was build mainly from the Rapid 7 OpenData),
  • 390 000 affected sites found,
  • 100 000 alerts send.

The most of affected sites use PHP:

git-sites.png

But after normalization the numbers according to the market share, the worst situation is among the Python:

git-sites-normalized.png

I also tried to detect the CMS/E-commerce system, HTTP server, Operating Systems and Frameworks:

git-cms.png

git-ecommerce.png

git-http-servers.png

git-operating-systems.png

git-frameworks.png

You can find more detailed information about the scan on our company blog.

2 thoughts on “Open .git scan – the results

  1. Just found your mail notif about it when tidy up my old email. The site affected not maintained by me again since years. But the problem still persist. I just want to say thank you ^_^

    Reply
  2. Pingback: Python & Ruby webserver config – the great misunderstanding – Vladimir Smitka

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s