https://github.com/JR0ch17/S3Cruze

All-in-one AWS S3 bucket tool for pentesters.
https://github.com/JR0ch17/S3Cruze

Last synced: 5 days ago
JSON representation

All-in-one AWS S3 bucket tool for pentesters.

• Host: GitHub
• URL: https://github.com/JR0ch17/S3Cruze
• Owner: JR0ch17
• License: mit
• Created: 2017-07-07T19:17:52.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2019-02-16T07:36:18.000Z (over 5 years ago)
• Last Synced: 2024-08-01T10:17:21.417Z (3 months ago)
• Language: Python
• Homepage:
• Size: 40 KB
• Stars: 72
• Watchers: 3
• Forks: 26
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE.md

Awesome Lists containing this project

• awesome-bugbounty-tools - S3Cruze - All-in-one AWS S3 bucket tool for pentesters. (Miscellaneous / Buckets)

README

        
# S3Cruze

[![Python |2.7](https://img.shields.io/badge/python-2.7-yellow.svg)](https://www.python.org/) [![Twitter](https://img.shields.io/badge/[email protected])](https://twitter.com/JR0ch17)

This tool is based off of the Sandcastle projet from @yasinS. Using a word list, it will enumerate buckets and list files (if allowed). You can also choose to try to upload a test file, or attempt to view a bucket's ACL, policy, CORS configuration, replication configuration, website configuration and bucket location. You also have the option to check a single bucket that you have already found elsewhere. 

## AWS-CLI

- For this tool to work properly, you need to have **AWS-CLI** installed (http://docs.aws.amazon.com/cli/latest/userguide/installing.html). - Once installed, you need to run `$ aws configure` to configure your AWS Access Keys.

## How to use S3Cruze

1. Clone this repo

2. Run s3cruze.py with your target name. You can also specify your own dictionnary file if you'd like and you can also select if you want to try to upload a file or not. The default behavior will only enumerate buckets.

```

usage: s3cruze.py [-h] -t targetBucket [-f inputFile] [-u] [-d] [-a] [-p]

                   [-c] [-r] [-w] [-l] [--all] (-b | -s)

optional arguments:

  -h, --help            show this help message and exit

  -t targetBucket, --target targetBucket

                        Select a target bucket name (e.g. 'shopify')

  -f inputFile, --file inputFile

                        Select a bucket brute-forcing file (default: bucket-

                        names.txt)

  -u, --upload          File to upload will be automatically generated (e.g.

                        'BugBounty-[######].txt')

  -d, --delete          Delete file from bucket after uploading it

  -a, --acl             View bucket ACL

  -p, --policy          View bucket policy

  -c, --cors            View bucket CORS configuration

  -r, --replication     View bucket replication configuration

  -w, --website         View bucket website configuration

  -l, --location        View bucket location

  --all                 View all bucket configuration

  -b, --bruteforce      Bruteforce buckets names. By default it will try to

                        list files from the buckets.

  -s, --single          Check a single bucket only

  

```

## Contributions

I'm just beginning to code in Python so if you feel it could work better by coding it in a certain way, please feel free to create pull requests, it would be greatly appreciated. Honestly, please do. 

If needed, I can also be reached via Twitter @JR0ch17.