Blackbox/whitebox S3 bucket enumerator
- Credit to all the vendor packages that made this tool possible.
- This is a security tool; it is meant for pen-testers and security professionals to perform audits of S3 buckets.
credentials; you can target your own AWS account to see which buckets have been exposed
There are two modes that this tool operates in: blackbox and whitebox. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
In blackbox mode, you use the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.
In whitebox mode, you use the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API. Your will have to be in
- `slurp domain <-t|--target> example.com` will enumerate the S3 domains for a specific target.
- `slurp keyword <-t|--target> linux,golang,python` will enumerate S3 buckets based on those 3 keywords.
- `slurp internal` performs an internal scan using the AWS API.
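The Policy/ACL check that whitebox mode performs can be illustrated with the following added example, which is not slurp's own code. It assumes the bucket policy JSON and the ACL grantee URIs have already been fetched from an account you own; `PublicFindings`, its output format and the sample policy are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Predefined S3 ACL groups meaning "anyone" and "any AWS account holder".
const (
	allUsers  = "http://acs.amazonaws.com/groups/global/AllUsers"
	authUsers = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
)

type statement struct {
	Effect    string
	Principal json.RawMessage // "*", {"AWS":"*"} or {"AWS":["*", ...]}
	Action    interface{}     // string or list of strings
	Condition map[string]interface{}
}

// PublicFindings returns one entry per ACL grant or policy statement that opens
// the bucket to the world. Statements with a Condition need manual review.
func PublicFindings(policyJSON string, granteeURIs []string) ([]string, error) {
	var out []string
	for _, uri := range granteeURIs {
		if uri == allUsers || uri == authUsers {
			out = append(out, "acl:"+uri[strings.LastIndex(uri, "/")+1:])
		}
	}
	if policyJSON == "" { // bucket has no policy attached
		return out, nil
	}
	var doc struct{ Statement []statement }
	if err := json.Unmarshal([]byte(policyJSON), &doc); err != nil {
		return out, err
	}
	for _, s := range doc.Statement {
		wildcard := strings.Contains(string(s.Principal), `"*"`)
		if s.Effect == "Allow" && wildcard && len(s.Condition) == 0 {
			out = append(out, fmt.Sprintf("policy:%v", s.Action))
		}
	}
	return out, nil
}

func main() { // constructed sample: one public statement, one scoped to an account
	policy := `{"Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"s3:GetObject"},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:root"},"Action":"s3:*"}]}`
	fmt.Println(PublicFindings(policy, []string{allUsers}))
}
```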
This project uses vgo; you can clone and go build or download from the Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go; if you cannot build, then I strongly recommend you read the .
Also, the only binaries I am including are linux/amd64; if you want mac/windows binaries, build it yourself.