S3Scanner - Scan For Open S3 Buckets And Dump - KitPloit - PenTest Tools for your Security Arsenal ☣
2018-03-22 22:07:13 Author: www.kitploit.com

A quick and dirty script to find unsecured S3 buckets and dump their contents.

Usage
The tool has 2 parts:

1 - s3finder.py
This script takes a list of domain names and checks whether they're hosted on Amazon S3. Any S3 domains it finds are written to a file with their corresponding region, in the format "domain:region".

  • Install:
    1. (Optional) virtualenv venv && source ./venv/bin/activate
    2. pip install -r requirements.txt
  • Usage: $> python s3finder.py -o output.txt domainsToCheck.txt

Compatibility: Tested with Python 2.7 & 3.6

2 - s3dumper.sh
This script takes the list of domains with regions produced by s3finder.py. For each domain, it checks whether the bucket is publicly readable and, if so, dumps its contents.
Usage: $> s3dumper.sh output.txt
Requirements: aws-cli
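
For bucket owners, the same "publicly readable" condition can be checked from the inside. The following is an added example, not part of S3Scanner: it parses "domain:region" lines and inspects ACL documents in the shape returned by `aws s3api get-bucket-acl`. It assumes the domain equals the bucket name; the function names and sample data are constructed for illustration.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# ACL permissions that allow the grantee to list the bucket's objects.
LISTING_PERMISSIONS = {"READ", "FULL_CONTROL"}

def parse_finder_line(line):
    """Split one "domain:region" line as written by s3finder.py."""
    domain, sep, region = line.strip().rpartition(":")
    if not sep or not domain or not region:
        raise ValueError("expected domain:region, got %r" % line)
    return domain, region

def public_listing_grants(acl_json):
    """Return (audience, permission) pairs that expose the bucket listing."""
    findings = []
    for grant in json.loads(acl_json).get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if (grantee.get("Type") == "Group" and audience
                and grant.get("Permission") in LISTING_PERMISSIONS):
            findings.append((audience, grant["Permission"]))
    return findings

def audit(finder_lines, acl_by_bucket):
    """Report public listing grants for each listed bucket whose ACL we hold."""
    report = {}
    for line in finder_lines:
        domain, region = parse_finder_line(line)
        if domain in acl_by_bucket:  # assumption: bucket name == domain
            report[domain] = (region, public_listing_grants(acl_by_bucket[domain]))
    return report

# Constructed sample data: two finder lines and the ACLs of two owned buckets.
SAMPLE_LINES = ["assets.example.com:us-west-2", "backups.example.com:eu-west-1"]
SAMPLE_ACLS = {
    "assets.example.com": json.dumps({"Grants": [{"Permission": "READ", "Grantee": {
        "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}),
    "backups.example.com": json.dumps({"Grants": [{"Permission": "FULL_CONTROL",
        "Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}}]}),
}

if __name__ == "__main__":
    print(audit(SAMPLE_LINES, SAMPLE_ACLS))
```

This covers ACL grants only; bucket policies and Block Public Access settings also affect whether a bucket is publicly readable and need their own review.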

Reviewed by Lydecker Black on 10:10 AM


Source: https://www.kitploit.com/2018/03/s3scanner-scan-for-open-s3-buckets-and.html