Normalize page header for GraphQL, Deserialization, SCM

Insecure Source Code Management/Bazaar.md

@@ -1,5 +1,8 @@
 # Bazaar
 
+> Bazaar  (also known as bzr ) is a free, distributed version control system (DVCS) that helps you track project history over time and collaborate seamlessly with others. Developed by Canonical, Bazaar emphasizes ease of use, a flexible workflow, and rich features to cater to both individual developers and large teams.
+
+
 ## Summary
 
 * [Tools](#tools)

Insecure Source Code Management/Git.md

@@ -2,26 +2,26 @@
 
 ## Summary
 
-* [Example](#example)
+* [Methodology](#methodology)
     * [Recovering file contents from .git/logs/HEAD](#recovering-file-contents-from-gitlogshead)
     * [Recovering file contents from .git/index](#recovering-file-contents-from-gitindex)
 * [Tools](#tools)
-* [Automatic recovery](#automatic-recovery)
-    * [git-dumper.py](#git-dumperpy)
-    * [diggit.py](#diggitpy)
-    * [GoGitDumper](#gogitdumper)
-    * [rip-git](#rip-git)
-    * [GitHack](#githack)
-    * [GitTools](#gittools)
-* [Harvesting secrets](#harvesting-secrets)
-    * [trufflehog](#trufflehog)
-    * [Yar](#yar)
-    * [Gitrob](#gitrob)
-    * [Gitleaks](#gitleaks)
+    * [Automatic recovery](#automatic-recovery)
+        * [git-dumper.py](#git-dumperpy)
+        * [diggit.py](#diggitpy)
+        * [GoGitDumper](#gogitdumper)
+        * [rip-git](#rip-git)
+        * [GitHack](#githack)
+        * [GitTools](#gittools)
+    * [Harvesting secrets](#harvesting-secrets)
+        * [trufflehog](#trufflehog)
+        * [Yar](#yar)
+        * [Gitrob](#gitrob)
+        * [Gitleaks](#gitleaks)
 * [Refererences]
 
 
-## Example
+## Methodology
 
 The following examples will create either a copy of the .git or a copy of the current commit.
 
@@ -31,6 +31,7 @@ Check for the following files, if they exist you can extract the .git folder.
 - .git/HEAD
 - .git/logs/HEAD
 
+
 ### Recovering file contents from .git/logs/HEAD
 
 1. Check for 403 Forbidden or directory listing to find the `/.git/` directory
@@ -83,6 +84,7 @@ Check for the following files, if they exist you can extract the .git folder.
   git cat-file -p cb6139863967a752f3402b3975e97a84d152fd8f
   ```
 
+
 ### Recovering file contents from .git/index
 
 Use the git index file parser https://pypi.python.org/pypi/gin (python3).
@@ -103,6 +105,7 @@ name = CRLF injection/README.md
 sha1 = d7ef4d77741c38b6d3806e0c6a57bf1090eec141
 ```
 
+
 ## Tools
 
 ### Automatic recovery
@@ -166,6 +169,7 @@ git clone https://github.com/internetwache/GitTools
 git checkout -- .
 ```
 
+
 ### Harvesting secrets
 
 #### trufflehog

Insecure Source Code Management/Mercurial.md

@@ -1,5 +1,8 @@
 # Mercurial
 
+> Mercurial  (also known as hg  from the chemical symbol for mercury) is a distributed version control system (DVCS) designed for efficiency and scalability. Developed by Matt Mackall and first released in 2005, Mercurial is known for its speed, simplicity, and ability to handle large codebases.
+
+
 ## Summary
 
 * [Tools](#tools)

Insecure Source Code Management/README.md

@@ -1,15 +1,17 @@
 # Insecure Source Code Management
 
-Insecure Source Code Management (SCM) can lead to several critical vulnerabilities in web applications and services. Developers often rely on SCM systems like Git and Subversion (SVN) to manage their source code versions. However, poor security practices, such as leaving .git and .svn folders in production environments exposed to the internet, can pose significant risks. 
+> Insecure Source Code Management (SCM) can lead to several critical vulnerabilities in web applications and services. Developers often rely on SCM systems like Git and Subversion (SVN) to manage their source code versions. However, poor security practices, such as leaving .git and .svn folders in production environments exposed to the internet, can pose significant risks. 
 
 
 ## Summary
 
+* [Methodology](#methodology)
 * [Bazaar](./Bazaar.md)
 * [Git](./Git.md)
 * [Mercurial](./Mercurial.md)
 * [Subversion](./Subversion.md)
-* [Methodology](#methodology)
+* [Labs](#labs)
+* [References](#references)
 
 
 ## Methodology
@@ -26,6 +28,7 @@ The first step is to gather information about the target application. This can b
 * **Manual Inspection** : Check URLs manually by navigating to common SCM paths.
     * http://target.com/.git/
     * http://target.com/.svn/
+
 * **Automated Tools** : Refer to the page related to the specific technology.
 
 Once a potential SCM folder is identified, check the HTTP response codes and contents. You might need to bypass `.htaccess` or Reverse Proxy rules.
@@ -40,6 +43,10 @@ location /.git {
 
 For example in Git, the exploitation technique doesn't require to list the content of the `.git` folder (http://target.com/.git/), the data extraction can still be conducted when files can be read.
 
+## Labs
+
+* [Root Me - Insecure Code Management](https://www.root-me.org/fr/Challenges/Web-Serveur/Insecure-Code-Management)
+
 
 ## References
 

Insecure Source Code Management/Subversion.md

@@ -1,14 +1,27 @@
 # Subversion
 
+> Subversion  (often abbreviated as SVN) is a centralized version control system (VCS) that has been widely used in the software development industry. Originally developed by CollabNet Inc. in 2000, Subversion was designed to be an improved version of CVS (Concurrent Versions System) and has since gained significant traction for its robustness and reliability. 
+
+
 ## Summary
 
-* [Examples](#examples)
 * [Tools](#tools)
     * [svn-extractor](#svn-extractor)
+* [Methodology](#methodology)
 * [References](#references)
 
 
-## Examples
+## Tools
+
+### svn-extractor
+
+* [anantshri/svn-extractor](https://github.com/anantshri/svn-extractor) - Simple script to extract all web resources by means of .SVN folder exposed over network. 
+    ```powershell
+    python svn-extractor.py --url "url with .svn available"
+    ```
+
+
+## Methodology
 
 ```powershell
 curl http://blog.domain.com/.svn/text-base/wp-config.php.svn-base
@@ -25,15 +38,6 @@ curl http://blog.domain.com/.svn/text-base/wp-config.php.svn-base
   * create complete path, which will be: `http://server/path_to_vulnerable_site/.svn/pristine/94/945a60e68acc693fcb74abadb588aac1a9135f62.svn-base`
 
 
-## Tools
-
-### svn-extractor
-
-* [anantshri/svn-extractor](https://github.com/anantshri/svn-extractor) - Simple script to extract all web resources by means of .SVN folder exposed over network. 
-    ```powershell
-    python svn-extractor.py --url "url with .svn available"
-    ```
-
 
 ## References