无法扫描出.git目录

[SuperXiaoDong]

网址本身存在indexof漏洞，可以懒到js/、css/等目录，且存在.git泄漏，使用命令feroxbuster -u http://target.com -w /path/to/wordlist.txt的时候，无法扫描出.git/、.git/HEAD等目录。why?

[SuperXiaoDong]

扫描出的结果只有js/、css/等目录，我确定字典包含.git/、.git/HEAD，不明白为什么扫描不出来，使用其他工具如ffuf是可以扫描出.git/、.git/HEAD的

[epi052]

google translate:

first post

The URL itself has an indexof vulnerability. It can be lazy to js/, css/ and other directories, and there is a .git leak. When using the command feroxbuster -u http://target.com -w /path/to/wordlist.txt, it cannot be scanned. Exit the .git/, .git/HEAD and other directories. why?

second post

The scan results are only js/, css/ and other directories. I am sure that the dictionary contains .git/, .git/HEAD. I don’t understand why it cannot be scanned out. You can use other tools such as ffuf to scan out .git/, .git/HEAD. of

[epi052]

my guess is that the server is registered as allowing directory listing, in which case --scan-dir-listings might solve your problem.

Another potential issue is whether or not your wordlist contains .git.

It's really hard to say what the issue is without the command you ran, more information about the server, etc etc