{"id":13577955,"url":"https://github.com/Eilonh/s3crets_scanner","last_synced_at":"2025-04-05T15:31:58.548Z","repository":{"id":62275725,"uuid":"558469266","full_name":"Eilonh/s3crets_scanner","owner":"Eilonh","description":null,"archived":false,"fork":false,"pushed_at":"2022-12-07T12:25:57.000Z","size":247,"stargazers_count":563,"open_issues_count":5,"forks_count":65,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-11-05T15:48:28.999Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Eilonh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-10-27T15:55:39.000Z","updated_at":"2024-10-28T18:14:29.000Z","dependencies_parsed_at":"2023-01-24T17:16:29.977Z","dependency_job_id":null,"html_url":"https://github.com/Eilonh/s3crets_scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Eilonh%2Fs3crets_scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Eilonh%2Fs3crets_scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Eilonh%2Fs3crets_scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Eilonh%2Fs3crets_scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Eilonh","download_url":"https://codeload.github.com/Eilonh/s3crets_scanner/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247358992,"owners_count":20926
337,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T15:01:25.693Z","updated_at":"2025-04-05T15:31:53.537Z","avatar_url":"https://github.com/Eilonh.png","language":"Python","funding_links":[],"categories":["Python","Weapons","0x02 工具 :hammer_and_wrench:","AWS Security"],"sub_categories":["Tools","1 云服务工具","S3"],"readme":"# S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets\n\n![](DOCS/logo.png)\n\n* `S3cret Scanner` is a tool designed to provide a complementary layer for the [Amazon S3 Security Best Practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) by proactively hunting secrets in public S3 buckets.\n* It can be executed as a `scheduled task` or `On-Demand`.\n\n-----\n## Automation workflow\nThe automation will perform the following actions:\n1. List the public buckets in the account (set with an ACL of `Public` or `objects can be public`)\n2. List the textual or sensitive files (e.g. `.p12`, `.pgp` and more)\n3. Download, scan (using truffleHog3) and delete the files from disk one by one, once each has been evaluated.\n4. The logs will be created in the `logger.log` file.\n-----\n## Prerequisites\n1. Python 3.6 or above\n2. TruffleHog3 installed in $PATH\n3. 
An AWS role with the following permissions:\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"VisualEditor0\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"s3:GetLifecycleConfiguration\",\n                \"s3:GetBucketTagging\",\n                \"s3:ListBucket\",\n                \"s3:GetAccelerateConfiguration\",\n                \"s3:GetBucketPolicy\",\n                \"s3:GetBucketPublicAccessBlock\",\n                \"s3:GetBucketPolicyStatus\",\n                \"s3:GetBucketAcl\",\n                \"s3:GetBucketLocation\"\n            ],\n            \"Resource\": \"arn:aws:s3:::*\"\n        },\n        {\n            \"Sid\": \"VisualEditor1\",\n            \"Effect\": \"Allow\",\n            \"Action\": \"s3:ListAllMyBuckets\",\n            \"Resource\": \"*\"\n        }\n    ]\n}\n```\n\n4. If you're using a CSV file, make sure to place the file `accounts.csv` in the `csv` directory, in the following format:\n```csv\nAccount name,Account id\nprod,123456789\nci,321654987\ndev,148739578\n```\n-----\n\n## Getting started\n\nUse [pip](https://pip.pypa.io/en/stable/) to install the needed requirements.\n\n```bash\n# Clone the repo\ngit clone \u003crepo\u003e\n\n# Install requirements\npip3 install -r requirements.txt\n\n# Install trufflehog3\npip3 install trufflehog3\n```\n-----\n## Usage\n\n| Argument | Values | Description | Required |\n| :---: | :---: | :---: | :---: |\n| -p, --aws_profile |  | The AWS profile name for the access keys | \u0026check; |\n| -r, --scanner_role |  | The AWS scanner's role name | \u0026check; |\n| -m, --method | internal | The scan type | \u0026check; |\n| -l, --last_modified | 1-365 | Number of days to scan since the file was last modified; _Default - 1_ | \u0026cross; |\n\n\n### Usage Examples\n`python3 main.py -p secTeam -r secteam-inspect-s3-buckets -l 1`\n\n-----\n## Demo\n\n![](DOCS/scanner_gif.gif)\n\n-----\n## References\n 
[![Medium](https://img.shields.io/badge/Medium-12100E?style=for-the-badge\u0026logo=medium\u0026logoColor=white)](https://medium.com/@hareleilon/hunting-after-secrets-accidentally-uploaded-to-public-s3-buckets-7e5bbbb80097)\n\n\n-----\n## Contributing\nPull requests and forks are welcome. For major changes, please open an issue first to discuss what you would like to change.\n\n------\n## License\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEilonh%2Fs3crets_scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEilonh%2Fs3crets_scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEilonh%2Fs3crets_scanner/lists"}