# Exposed git folder

> Note: This page is in the web pentest category but it could also be useful in a cloud pentest or other types of pentest.

During a pentest engagement, you may come across an exposed git folder.

## Get the git folder on your local machine

### From AWS

Say you found an AWS bucket and it contains a git folder in `rootfolder/.git`.\
You will need to copy the root folder locally so that you can use git commands such as `git diff`.

### From a web server

`wget -r http://target.com/.git`

## Explore the content

* `git status` shows the status of changes
* `git diff` shows the changes
* `cat .git/refs/heads/master` gives you a reference to the latest commit
* `git log -1 master` shows the commit message
* `git show -s --pretty=raw b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526` shows the raw commit details; here `b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526` is the reference to the commit you got from `git log`
* `git checkout -- .` resets the local working tree to the last commit (to retrieve deleted files, for instance)
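`cat .git/refs/heads/master` only works when the branch is named `master` and its ref is stored as a loose file. The following added example (not part of the original page) resolves the commit from `HEAD` instead, falls back to `packed-refs`, and treats the copied folder as untrusted input; `resolve_head` and `make_sample` are hypothetical helper names and the commit ids in the sample are constructed.

```shell
# resolve_head GITDIR: print the commit id that HEAD points to in a copied
# .git folder. resolve_head and make_sample are hypothetical helper names.
resolve_head() {
    gitdir=$1
    [ -f "$gitdir/HEAD" ] || return 1
    head_line=$(cat "$gitdir/HEAD")
    case $head_line in
        "ref: "*)
            # Symbolic HEAD, e.g. "ref: refs/heads/main"
            ref=${head_line#ref: }
            # The folder is untrusted: only follow names under refs/, no ".."
            case $ref in *..*) return 1 ;; refs/*) ;; *) return 1 ;; esac
            if [ -f "$gitdir/$ref" ]; then
                # Loose ref: the file content is the commit id
                cat "$gitdir/$ref"
            elif [ -f "$gitdir/packed-refs" ]; then
                # Packed ref: data lines are "<commit id> <ref name>"
                awk -v r="$ref" '$2 == r { print $1; found = 1 }
                                 END { exit !found }' "$gitdir/packed-refs"
            else
                return 1
            fi
            ;;
        *)
            # Detached HEAD: the file holds the commit id itself
            printf '%s\n' "$head_line"
            ;;
    esac
}

# Constructed sample: a minimal .git layout with one loose and one packed ref
# (the commit ids are made-up values, not real objects).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/.git/refs/heads"
    echo "ref: refs/heads/main" > "$d/.git/HEAD"
    echo "1111111111111111111111111111111111111111" > "$d/.git/refs/heads/main"
    printf '%s\n' "# pack-refs with: peeled fully-peeled sorted" \
        "2222222222222222222222222222222222222222 refs/heads/release" \
        > "$d/.git/packed-refs"
    echo "$d"
}

# Usage: sh resolve_head.sh path/to/.git
if [ $# -gt 0 ]; then resolve_head "$1"; fi
```

When git is installed and the copied repository is intact, `git rev-parse HEAD` run inside the folder returns the same id.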

## Resources

### Tools

{% embed url="<https://github.com/internetwache/GitTools>" %}

GitTools by internetwache

{% embed url="<https://github.com/gitleaks/gitleaks>" %}

Gitleaks

### Blogs

{% embed url="<https://infosecwriteups.com/exposed-git-directory-exploitation-3e30481e8d75>" %}

Exposed .git Directory Exploitation by Yani

{% embed url="<https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/git>" %}

Git - Hacktricks


