SVN Extractor

SVN Extractor is a specialized penetration testing tool designed to extract hidden web resources from exposed .SVN directories found on web servers. This tool automates the process of discovering and downloading files that may be inadvertently exposed through misconfigured SVN repositories, providing penetration testers with access to source code, hidden files, and sensitive information.

Project Overview

During web application penetration testing, testers often encounter exposed .SVN folders that contain valuable information about the application’s structure and source code. SVN Extractor automates the extraction process, making it easy to discover hidden files, access source code, and bypass certain access restrictions that might be in place.

Key Features

🔍 Comprehensive SVN Discovery

• Dual Version Support: Handles both SVN <1.6 (.svn/entries) and >1.6 (.svn/wc.db) formats
• Automatic Detection: Intelligently detects SVN version and adapts extraction method
• Hidden File Discovery: Uncovers files and folders not directly accessible via web interface
• Username Extraction: Retrieves commit usernames from SVN metadata

🚀 Advanced Extraction Capabilities

• Source Code Recovery: Downloads complete source code from SVN backups
• Multiple Backup Locations: Extracts from .svn/text-base/ and .svn/pristine/ directories
• Bypass Restrictions: Downloads files even when htaccess restrictions are in place
• Checksum Verification: Uses SHA1 checksums for file integrity verification

🛠️ Flexible Configuration

• Proxy Support: HTTP/HTTPS proxy configuration for testing through corporate networks
• Selective Extraction: Regex-based file matching for targeted downloads
• Debug Mode: Detailed logging for troubleshooting and analysis
• No-Extract Mode: Information gathering without file downloads

Usage

Basic Usage

python svn_extractor.py --url "http://example.com/.svn/"

Advanced Options

usage: svn_extractor.py [-h] --url TARGET [--debug] [--noextract] [--userlist]
                        [--wcdb] [--entries] [--proxy PROXY] [--match MATCH]

This program is used to extract the hidden SVN files from a webhost
considering either .svn entries file (<1.6) or wc.db (> 1.7) are available
online. This program actually automates the directory navigation and text
extraction process

optional arguments:
  -h, --help     show this help message and exit
  --url TARGET   Provide URL
  --debug        Provide debug information
  --noextract    Don't extract files just show content
  --userlist     show the usernames used for commit
  --wcdb         check only wcdb
  --entries      check only .svn/entries file
  --proxy PROXY  Provide HTTP Proxy in http(s)://host:port format
  --match MATCH  only download files that match regex

Examples

Basic extraction:

python svn_extractor.py --url "https://target.com/.svn/"

Extract with proxy:

python svn_extractor.py --url "https://target.com/.svn/" --proxy "http://proxy:8080"

Show usernames only:

python svn_extractor.py --url "https://target.com/.svn/" --userlist --noextract

Match specific files:

python svn_extractor.py --url "https://target.com/.svn/" --match "\.php$"

How It Works

1. SVN Version Detection

The tool automatically detects the SVN version by checking for:

• .svn/entries: Used by SVN versions <1.6
• .svn/wc.db: Used by SVN versions >1.6

2. Metadata Extraction

Depending on the SVN version:

• SVN <1.6: Parses .svn/entries files for file/folder listings and usernames
• SVN >1.6: Queries SQLite3 database (.svn/wc.db) for comprehensive file information

3. File Recovery

The tool attempts multiple recovery methods:

• .svn/text-base/[filename].svn-base: Direct filename-based recovery
• .svn/pristine/[XX]/[CHECKSUM].svn-base: Checksum-based recovery (more reliable)

4. Content Extraction

• Source Code Access: Recovers complete source code files
• Binary File Support: Handles both text and binary files
• Integrity Verification: Uses SHA1 checksums to verify file integrity

Technical Architecture

Core Components

• URL Handler: Manages HTTP requests and response processing
• SVN Parser: Handles different SVN format parsing (.entries vs .wc.db)
• File Extractor: Downloads and reconstructs files from SVN backups
• Metadata Processor: Extracts usernames and file information

Supported SVN Formats

• Legacy Format (.svn/entries): Text-based format used by SVN <1.6
• Modern Format (.svn/wc.db): SQLite3-based format used by SVN >1.6
• Pristine Storage: Advanced file storage system with checksum verification

Use Cases

Penetration Testing

• Information Disclosure: Discover exposed source code and configuration files
• Attack Surface Mapping: Identify hidden files and directories
• Credential Harvesting: Extract database credentials and API keys from source code
• Vulnerability Research: Analyze source code for security flaws

Security Assessment

• Misconfiguration Detection: Identify improperly configured web servers
• Data Exposure Analysis: Assess the extent of information disclosure
• Risk Assessment: Evaluate the security impact of exposed SVN directories
• Compliance Auditing: Check for unauthorized information exposure

Digital Forensics

• Evidence Collection: Gather source code and file history
• Timeline Analysis: Use SVN commit information for timeline reconstruction
• Attribution: Identify developers through commit usernames
• Change Tracking: Analyze file modifications and updates

Project Impact

Community Adoption

• 478 Stars: Strong community recognition for utility in penetration testing
• 127 Forks: Active community contributions and customizations
• 14 Watchers: Regular users following project updates
• GPL-3.0 License: Open source availability for security community

Security Research Value

• Automation: Eliminates manual SVN directory traversal
• Efficiency: Rapid extraction of large file sets
• Reliability: Handles various SVN configurations and versions
• Educational Value: Demonstrates SVN security implications

Technical Specifications

Requirements

• Python: Compatible with Python 2.x and 3.x
• Libraries: Standard Python libraries (urllib, sqlite3, re)
• Network: HTTP/HTTPS connectivity to target servers
• Platform: Cross-platform compatibility (Windows, Linux, macOS)

File Recovery Methods

1. Text-base Method: .svn/text-base/filename.svn-base
2. Pristine Method: .svn/pristine/XX/CHECKSUM.svn-base
3. Entries Parsing: Direct file listing from .svn/entries
4. Database Query: SQLite queries against .svn/wc.db

Research and References

The tool builds upon research from multiple security professionals:

Academic References

• SANS Pen-Testing Blog: “All Your SVN Are Belong To Us” - Manual wc.db techniques
• Adam Gotterer’s Research: Manual .svn/entries exploitation techniques
• CIRT.net: Pristine directory exploitation methods

Community Contributions

• Bug Reports: Community-driven issue identification and resolution
• Feature Requests: User-driven feature development
• Code Contributions: Community code improvements and optimizations
• Documentation: User-contributed documentation and examples

Security Considerations

Ethical Usage

• Authorization Required: Only use on systems you own or have explicit permission to test
• Legal Compliance: Ensure compliance with local laws and regulations
• Responsible Disclosure: Report findings through proper channels
• Documentation: Maintain proper testing documentation

Defensive Measures

• Server Configuration: Properly configure web servers to block .svn access
• Directory Permissions: Set appropriate file system permissions
• Web Server Rules: Implement htaccess or server-level blocking rules
• Regular Auditing: Regularly check for exposed version control directories

Credit (C) Anant Shrivastava http://anantshri.info
Greets to Amol Naik, Akash Mahajan, Prasanna K, Lava Kumar for valuable inputs

A comprehensive tool for automated extraction of hidden web resources from exposed SVN directories during penetration testing engagements