Security Researcher 🔓

Vladimir Smitka

Open .git scan – the results

I published an artice about my latest security scan aimed to the exposed git repositories.

The results:

  • 230 000 000 domains checked (the list was build mainly from the Rapid 7 OpenData),
  • 390 000 affected sites found,
  • 100 000 alerts send.

The most of affected sites use PHP:

git-sites.png

But after normalization the numbers according to the market share, the worst situation is among the Python:

git-sites-normalized.png

I also tried to detect the CMS/E-commerce system, HTTP server, Operating Systems and Frameworks:

git-cms.png

git-ecommerce.png

git-http-servers.png

git-operating-systems.png

git-frameworks.png

You can find more detailed information about the scan on our company blog.

Discover more from Vladimir Smitka

Subscribe to get the latest posts sent to your email.

3 responses to “Open .git scan – the results”

  1. Anonymous

    Thanks

    Like

    Reply
  2. anon

    Just found your mail notif about it when tidy up my old email. The site affected not maintained by me again since years. But the problem still persist. I just want to say thank you ^_^

    Like

    Reply
  3. Python & Ruby webserver config – the great misunderstanding – Vladimir Smitka

    […] ago I ran a huge global scan for unintentionally exposed .git repositories. I was surprised to find many Python and Ruby applications with this issue. The total number wasn’t very high – around two thousand, […]

    Like

    Reply

Leave a reply to Anonymous Cancel reply

About Me

My name is Vladimir Smitka and I’m a security researcher/hobbyist from the Czech Republic. I’m also the owner of Lynt, a PPC Agency. I’m also an active member of the Czech WordPress community and one of the WordCamp Prague organizers.

OPEN .GIT GLOBAL SCAN

  • 230 000 000 sites scanned 🔍
  • 390 000 sites affected 😥
  • 100 000 mail send to the developers 📧
  • 150 000+ sites fixed 
  • 100+ possitive comments 🗨️
  • 3500+ thankyou mails ❤️
  • Thousands and thousands sites with another serious issue found 😑
Read more

For my research I use affordable Virtual Private Servers from Digital Ocean (they have a great infrascruture), Linode (they have a great understanding for my work) and dedicted servers from Hetzner.

If you like my research, you can make a small donation for coffee and VPS – two basic ingredients for my future security scans.

Donate – PAYPAL

Follow me

Our Projects

Latest Articles

Previous:
Next: