Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0xSearches/sandcastle
🏰 A Python script for AWS S3 bucket enumeration.
https://github.com/0xSearches/sandcastle
Last synced: 3 months ago
JSON representation
🏰 A Python script for AWS S3 bucket enumeration.
- Host: GitHub
- URL: https://github.com/0xSearches/sandcastle
- Owner: 0xSearches
- License: mit
- Created: 2017-06-14T00:00:09.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2022-12-01T23:39:56.000Z (almost 2 years ago)
- Last Synced: 2024-04-08T11:35:05.690Z (7 months ago)
- Language: Python
- Homepage: https://ysx.me.uk/sandcastle
- Size: 34.2 KB
- Stars: 136
- Watchers: 4
- Forks: 58
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-sec-s3 - Sandcastle - a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler (Awesome AWS S3 Security [](https://github.com/mxm0z/awesome-sec-s3))
README
Inspired by a conversation with Instacart's [@nickelser](https://github.com/nickelser) on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.
The script takes a target's name as the stem argument (e.g. `shopify`) and iterates through a file of bucket name permutations, such as the ones below:
```
-training
-bucket
-dev
-attachments
-photos
-elasticsearch
[...]
```
## Getting started
Here's how to get started:
1. Clone this repo (PyPi distribution temporarily disabled).
2. Run `sandcastle.py` with a target name and input file (grab an example from this repo)
3. Matching bucket permutations will be identified, and read permissions tested.
```
usage: sandcastle.py [-h] -t targetStem [-f inputFile]
arguments:
-h, --help show this help message and exit
-t targetStem, --target targetStem
Select a target stem name (e.g. 'shopify')
-f inputFile, --file inputFile
Select a bucket permutation file (default: bucket-
names.txt)
```
```
____ __ __ __
/ __/__ ____ ___/ /______ ____ / /_/ /__
_\ \/ _ `/ _ \/ _ / __/ _ `(_- __/ / -_)
/___/\_,_/_//_/\_,_/\__/\_,_/___/\__/_/\__/
S3 bucket enumeration // release v1.2.4 // ysx
[*] Commencing enumeration of 'shopify', reading 138 lines from 'bucket-names.txt'.
[+] Checking potential match: shopify-content --> 403
An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
```
### Status codes and testing
| Status code | Definition | Notes |
| ------------- | ------------- | -----|
| 404 | Bucket Not Found | Not a target for analysis (hidden by default)|
| 403 | Access Denied | Potential target for analysis via the CLI |
| 200 | Publicly Accessible | Potential target for analysis via the CLI |
### AWS CLI commands
Here's a quick reference of some useful AWS CLI commands:
* List Files: `aws s3 ls s3://bucket-name`
* Download Files: `aws s3 cp s3://bucket-name/ `
* Upload Files: `aws s3 cp/mv test-file.txt s3://bucket-name`
* Remove Files: `aws s3 rm s3://bucket-name/test-file.txt`
## What is S3?
From the Amazon [documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html), *Working with Amazon S3 Buckets*:
> Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket.
> In terms of implementation, buckets and objects are resources, and Amazon S3 provides APIs for you to manage them.
## Closing remarks
* This is my first public security project. Sandcastle is published under the MIT License.
* Usage acknowlegements:
* Castle (icon) by Andrew Doane from the Noun Project
* Nixie One (logo typeface) free by Jovanny Lemonad