I tried using this on a site with a broken HTTPS cert, and it was throwing errors. You should probably ignore these errors instead.

Hi. Can you please turn off SSL verification? Or how can I use this tool over https?
Directory index is enabled and requested files 100% exists.
Here is my log:
➜ ../rip-git.pl -v -u https://qwe.to/.git/
[i] Downloading git files from https://qwe.to/.git/
[!] Not found for COMMIT_EDITMSG: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for config: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for description: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for HEAD: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for index: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for packed-refs: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/info/alternates: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for info/grafts: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for logs/HEAD: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/ve/rify: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects//: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/pr/oblem: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/va/riable: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects//: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/di/sable: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/va/riable: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for objects/wi/th: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[!] Not found for refs/heads/master: 500 Can't verify SSL peers without knowing which Certificate Authorities to trust
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
[i] Got items with git fsck: 0
[i] Items fetched: 0
Your branch is up-to-date with 'origin/master'.

When a git repo contains packed resources, rip-git.pl does not download the pack and only tries to download the objects directly, which will fail as such objects do not exist...

I tried to look around to see if it's possible to guess the name of the pack (when you can't list objects/pack) but so far nothing.

Do you think that's doable?

on one resource while testing as "black box", i found response for requests

https://xxx.example.com/revision.txt
https://xxx.example.com/revision.inc

I decided to try to pull out the repository by your tool, which already many times helped out on CTF quests.
And received such an answer:

[!] Not found for https://xxx.example.com///.svn/all-wcprops => /.svn/all-wcprops: 404 Not Found
[!] Not found for https://xxx.example.com///.svn/entries => /.svn/entries: 404 Not Found
[!] Not found for https://xxx.example.com///.svn/format => /.svn/format: 404 Not Found
[!] Not found for https://xxx.example.com///.svn/wc.db => /.svn/wc.db: 404 Not Found
[i] Found new SVN client storage format!
DBD::SQLite::db prepare failed: file is encrypted or is not a database at ./rip-svn.pl line 88.
Couldn't prepare statement 'SELECT id,root,uuid FROM repository': file is encrypted or is not a database at ./rip-svn.pl line 88.
Can't call method "execute" on an undefined value at ./rip-svn.pl line 89.

request:

./rip-svn.pl -vv -u https://xxx.example.com

Tell me, how to perceive, is there a repository and a file with a password? Or there is no repository?
Thank's

As requested by users, implement parallel requests in order to speed things up.

hi all,
I'm trying to rip git directory, but its stuck on 65% running git fsck to check missing items.

checking object directory : 65% (167/256)

how to solve this problem ?
Im using kali linux

DBD::SQLite::db prepare failed: file is not a database at rip-svn.pl line 88.
Couldn't prepare statement 'SELECT id,root,uuid FROM repository': file is not a database at rip-svn.pl line 88.
Can't call method "execute" on an undefined value at rip-svn.pl line 89.

It should create a new folder with the website name everytime that it's executed....

Otherwise I can't get more than 1 site.... Both create the .git folder....

The sqlmap project does this... it has a folder called output where it creates folders like "example.com", "google.com"*, ....

Thanks!

hello my friend

useing rip-cvs.pl

but
➜ dvcs-ripper git:(master) perl rip-cvs.pl
\C no longer supported in regex; marked by <-- HERE in m//\ <-- HERE CVS/ at rip-cvs.pl line 68.
➜ dvcs-ripper git:(master)

can you help me ?

../dvcs-ripper/rip-git.pl -s -v -u https://qwe.to/.git/
I got a bunch of other errors:

error: bad graft data:
error: Could not read 324324erewrewr
error: inflate: data stream error (incorrect header check)
error: unable to unpack 3432432efrdsfsdf header
error: inflate: data stream error (incorrect header check)
fatal: loose object 343243erewrew (stored in .git/objects/01/wr324324sdf) is corrupt

rip-git.pl should check refs/stash file

In order to implement full resume, implement if file already exists first.

ORLY? This is possible for git?

for rip-git

-o <s> specify output dir works only if the output dir already exists. If it doesn't exist instead of creating it it will clone to the default ./.git/

Don't know if you guys care because perforce isn't really used anywhere, but some time back when fbsd was putting all of their dev code into perforce, I needed some way to rip their repositories. Since it was proprietary but exposed a web-interface I threw some code together to snag it.

It's in python and using BeautifulSoup because python isn't as good for parsing everything as Perl is. https://github.com/arizvisa/dotfiles/blob/master/posix/bin/perforce-blows.py

If for some reason you use it and don't port it to perl and that license at the top conflicts with yours, I can remove the license. Anyways, take care.

I am a developer for the ArchAssault project, we would like to add this to our repo, but we notice its missing a license. Can you add one to the repo please?