RepoReaper: Automated .git Repository Scanner for Domain Security

RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers.


  • Automated scanning of domains and subdomains for exposed .git repositories.
  • Streamlines the detection of sensitive data exposures.
  • User-friendly command-line interface.
  • Ideal for security audits and Bug Bounty.


Clone the repository and install the required dependencies:

git clone
cd RepoReaper
pip install -r requirements.txt
chmod +x


RepoReaper is executed from the command line and will prompt for the path to a file containing a list of domains or subdomains to be scanned.

To start RepoReaper, simply run:


Upon execution, RepoReaper will ask for the path to the file containing the domains or subdomains: Enter the path of the file containing domains

Provide the path to your text file when prompted. The file should contain one domain or subdomain per line, like so:

RepoReaper will then proceed to scan the provided domains or subdomains for exposed .git repositories and report its findings.


This tool is intended for educational purposes and security research only. The user assumes all responsibility for any damages or misuse resulting from its use.

Download RepoReaper

Next Post Previous Post
No Comment
Add Comment
comment url