Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/brianwarehime/inSp3ctor
AWS S3 Bucket/Object Finder
https://github.com/brianwarehime/inSp3ctor
Last synced: about 2 months ago
JSON representation
AWS S3 Bucket/Object Finder
- Host: GitHub
- URL: https://github.com/brianwarehime/inSp3ctor
- Owner: brianwarehime
- Created: 2017-08-10T17:03:14.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2021-07-13T20:15:16.000Z (over 3 years ago)
- Last Synced: 2024-07-25T05:33:29.843Z (5 months ago)
- Language: Python
- Size: 16.6 KB
- Stars: 113
- Watchers: 2
- Forks: 34
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-tools - InSp3ctor - AWS S3 Bucket/Object finder (Asset Discovery / Cloud Infrastructure Discovery)
- Awesome-Asset-Discovery - InSp3ctor
- awesome-sec-s3 - inSp3ctor - AWS S3 Bucket/Object Finder (Awesome AWS S3 Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/mxm0z/awesome-sec-s3))
README
# inSp3ctor
AWS S3 Bucket/Object Finder```
_ ____ ____ __
(_)__ / __/__ |_ /____/ /____ ____
/ / _ \_\ \/ _ \_/_ __/ __/ _ \/ __/
/_/_//_/___/ .__/____/\__/\__/\___/_/
/_/AWS S3 Bucket Finder
Brian Warehime @nullsecureusage: inSp3ctor.py [-h] [-w wordlist] [-n root] [-o] [-a] [-p] [-b batch]
AWS s3 Bucket Permutation Checker
optional arguments:
-h, --help show this help message and exit
-w wordlist Specify list of buckets to check from wordlist
-n root Specify the root name to use, i.e. google, amazon
-o Check objects in a public s3 bucket if they are available
-a Use AWS Credentials to authenticate the request
-p Only show buckets/objects that are public in the results
-b batch Specify filename containing words to apply permutations to
```## How To Use
You can either use a pre-made wordlist containing all the buckets/objects you want to check or supply a root name, and let inSp3ctor add in common permutations to the bucket name to find different variations.
### Example
If you wanted to look for any information for `example`, you'd run `python inSp3ctor.py -n example`, you can supply the argument `-o` if you want to check the status of the objects contained in the public buckets.
```
_ ____ ____ __
(_)__ / __/__ |_ /____/ /____ ____
/ / _ \_\ \/ _ \_/_ __/ __/ _ \/ __/
/_/_//_/___/ .__/____/\__/\__/\___/_/
/_/AWS S3 Bucket Finder
Brian Warehime @nullsecure[!] Applying permutations to example
[!] Bucket is marked private [http://example-dev.s3.amazonaws.com]
[>] Bucket has a redirect [http://s3.amazonaws.com/example-dev] Redirected here - [example-dev.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://example-prod.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://s3.amazonaws.com/example-prod]
[-] Bucket does not exist or cannot list [http://example-production.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://s3.amazonaws.com/example-production]
[-] Bucket does not exist or cannot list [http://example-tmp.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://s3.amazonaws.com/example-tmp]
[!] Bucket is marked private [http://example-media.s3.amazonaws.com]
[>] Bucket has a redirect [http://s3.amazonaws.com/example-media] Redirected here - [example-media.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://example-tmp-logs.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://s3.amazonaws.com/example-tmp-logs]
[!] Bucket is marked private [http://example-logs.s3.amazonaws.com]
[!] Bucket is marked private [http://s3.amazonaws.com/example-logs]
[-] Bucket does not exist or cannot list [http://example-splunk.s3.amazonaws.com]
[-] Bucket does not exist or cannot list [http://s3.amazonaws.com/example-splunk]```If you want to do lookups on a batch of companies, you can specify `-b` and supply a wordlist file, with a name on each line. The tool will then run through each line and lookup each name along with the list of permutations consecutively. I would recommend specifying `-p` to only output the public buckets/objects.
## TODO
- Right now, the AWS credentials are hardcoded in the python script, which should be handled through the `/.aws` credential file.