Slurp – S3 Bucket Enumerator

Blackbox/whitebox S3 bucket enumerator

Overview

  • Credit to all of the vendor packages that made this tool possible.
  • This is a security tool; it is meant for pen-testers and security professionals to perform audits of S3 buckets.

  • AWS credentials; you can target your own AWS account to see which buckets have been exposed

  • Colorized output for visual grep
  • Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
  • Punycode support for internationalized domains
  • Strong copyleft license (GPLv3)
  • Modes
    There are two modes that this tool operates in: blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

    Blackbox (external)
    In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.

    Domain

    Keywords

    Whitebox (internal)
    In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API. Your credentials should be in ~/.aws/credentials.

    Internal
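
An added example (not Slurp's own code) of the kind of Policy/ACL check that whitebox mode describes: given a bucket policy document and the grantee URIs from its ACL, it reports grants to the public groups and Allow statements with a wildcard principal. The function names and the sample policy are constructed for illustration, and retrieving the policy and ACL through the AWS API is assumed to have happened already.

```go
package main

import "encoding/json"
import "fmt"

// Prefix of the predefined S3 ACL grantee groups (AllUsers, AuthenticatedUsers).
const aclGroup = "http://acs.amazonaws.com/groups/global/"

// wildcard reports whether a Principal is "*", {"AWS":"*"} or {"AWS":[..., "*"]}.
func wildcard(p interface{}) bool {
	switch v := p.(type) {
	case string:
		return v == "*"
	case map[string]interface{}:
		return wildcard(v["AWS"])
	case []interface{}:
		for _, e := range v {
			if e == "*" {
				return true
			}
		}
	}
	return false
}

// auditBucket returns findings for one bucket from its policy JSON and ACL grantee URIs.
func auditBucket(policy string, grantees []string) (out []string) {
	for _, uri := range grantees {
		if uri == aclGroup+"AllUsers" || uri == aclGroup+"AuthenticatedUsers" {
			out = append(out, "ACL grant to "+uri)
		}
	}
	var doc struct {
		Statement []struct{ Effect string; Principal, Condition interface{} }
	}
	// An empty policy means the bucket has none; anything unparsable is itself a finding.
	if err := json.Unmarshal([]byte(policy), &doc); policy != "" && err != nil {
		return append(out, "policy not parsed: "+err.Error())
	}
	for i, st := range doc.Statement {
		if st.Effect == "Allow" && wildcard(st.Principal) {
			out = append(out, fmt.Sprintf("policy statement %d allows any principal (conditioned: %t)", i, st.Condition != nil))
		}
	}
	return out
}

func main() {
	policy := `{"Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"s3:GetObject"}]}` // constructed sample
	fmt.Println(auditBucket(policy, []string{aclGroup + "AllUsers"}))
}
```

A statement flagged with `conditioned: true` still needs manual review, since the example does not evaluate whether the condition actually restricts access.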

    Usage

    • slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.
    • slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 keywords.
    • slurp internal performs an internal scan using the AWS API.

    Installation
    This project uses vgo; you can clone and go build or download from the Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, if you cannot build then I strongly suggest you read the go spec.
    Also, the only binaries I am including are linux/amd64; if you want mac/windows binaries, build it yourself.

    Download Slurp

    Published by Marshmallow
