Automates discovery and extraction of exposed version control directories and backup files during authorized security assessments. Walks you through probing .git, .svn, .hg, and .bzr endpoints, distinguishing between 403s that confirm presence versus 404s, then points you to the right recovery tool (git-dumper, GitTools, svn-extractor) based on what you find. Also covers .DS_Store parsing and common backup artifacts like .env files and .swp leftovers. The decision tree is practical: try .git/HEAD first, check the response pattern, route to the appropriate dumper. Treats 403-on-directory plus 200-on-specific-files as high priority, which is the right call since misconfigured deny rules often leak exactly that way.
npx skills add https://github.com/yaklang/hack-skills --skill insecure-source-code-management