DotGit Enhanced

Name: DotGit Enhanced
Author: MaorDayan

Detect exposed .git repositories, download objects, and extract source files — all in one click

As of June 2026, DotGit Enhanced has 51 users in the Developer Tools category.

MaorDayan Developer Tools

Chrome Web Store ↗.crx

Users+292.3%

Rating0%

—

— reviews

Reviews0%

—

Version

6.0

Manifest V3

History

9 snapshots

Tracking since Apr 1, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 1, 2026	13	—	—	6.0
Apr 16, 2026	17	—	—	6.0
Apr 24, 2026	22	—	—	6.0
Apr 30, 2026	27	—	—	6.0
May 7, 2026	33	—	—	6.0
May 17, 2026	37	—	—	6.0
May 24, 2026	41	—	—	6.0
May 31, 2026	48	—	—	6.0
Jun 6, 2026	49	—	—	6.0
Now	51	—	—	6.0

Permissions & access

Permissions: webRequeststoragenotificationsdownloadstabsscripting
Host access: http://*/*, https://*/*, ws://*/*, wss://*/*

Screenshots

About

DotGit Enhanced is a security research browser extension that automatically detects exposed version control directories and sensitive files on every website you visit.

🔍 WHAT IT DETECTS
- Exposed .git/ repositories (validates HEAD content)
- .svn/ Subversion databases (SQLite header check)
- .hg/ Mercurial repositories (manifest detection)
- .env files containing API keys, database credentials, and secrets
- .DS_Store macOS metadata files that reveal directory structures
- security.txt responsible disclosure policies (RFC 9116)

📦 ONE-CLICK DOWNLOAD & SOURCE EXTRACTION
When an exposed .git repository is found, click the download button to:
1. Fetch Git objects using 50+ well-known paths and dynamic ref discovery
2. Detect directory listings for recursive crawling when available
3. Decompress all Git objects using zlib
4. Traverse commit → tree → blob chains to reconstruct actual source files
5. Deliver a ZIP containing both extracted source code AND raw .git data

The resulting ZIP includes:
- A source folder with reconstructed files (index.html, config files, scripts, etc.)
- A raw .git folder for manual analysis with external tools
- An ExtractionReport.txt documenting what was found, extracted, or failed
- A DownloadStats.txt with HTTP status code breakdown

🛡️ INTELLIGENCE FEATURES
- Open Source Detection — Reads .git/config to identify GitHub/GitLab remotes
- security.txt Detection — Finds responsible disclosure contact information
- Dynamic Ref Discovery — Scans downloaded files for branch names beyond static lists
- Directory Listing Detection — Recursively crawls when server exposes file listings

⚙️ CONFIGURABLE
- Toggle detection for each file type independently
- Adjustable download concurrency, wait times, and failure thresholds
- Hostname blacklist with wildcard support
- Desktop notifications for new findings and download progress
- Debug mode for troubleshooting

🎨 MODERN DARK UI
- Stats dashboard with type-based breakdown
- Color-coded badges for each finding type
- Animated findings list with hover-reveal action buttons
- Card-based settings with toggle switches

⚠️ IMPORTANT: This tool is designed for authorized security research and educational purposes only. Accessing systems without explicit permission is illegal in most jurisdictions. Always ensure proper authorization before investigating findings. All data is stored locally on your machine — nothing is sent to any external server.

Built by Maor D. — Cyber Intelligence Researcher and author of "The Digital Hunter."
Based on the original DotGit extension by davtur19, with discovery techniques inspired by git-dumper (Maxime Arthaud) and extraction concepts from GitTools (internetwache).

GitHub: https://github.com/MaorDayanOfficial/DotGit-Enhanced