GitPwnd is a tool to aid in network penetration tests.

GitPwnd is a tool to aid in network penetration tests.

GitPwnd is a tool to aid in network penetration tests. GitPwnd allows an attacker to send commands to compromised machines and receive the results back using a git repo as the command and control transport layer. By using git as the communication mechanism, the compromised machines don’t need to communicate directly with your attack server that is likely at a host or IP that’s untrusted by the compromised machine.

Currently GitPwnd assumes that the command and control git repo is hosted on GitHub, but this is just an implementation detail for the current iteration. The same technique is equally applicable to any service that can host a git repo, whether it is BitBucket, Gitlab, etc.

gitpwnd

Dependencies:
+ github Account
+ Python3
+ git

Usage:

Source: https://github.com/nccgroup