Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/digininja/CloudStorageFinder

A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
https://github.com/digininja/CloudStorageFinder

Last synced: 7 days ago
JSON representation

A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces

Host: GitHub
URL: https://github.com/digininja/CloudStorageFinder
Owner: digininja
License: gpl-3.0
Created: 2018-02-26T10:33:20.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2022-03-28T15:36:37.000Z (over 2 years ago)
Last Synced: 2024-07-25T05:34:17.462Z (3 months ago)
Language: Ruby
Size: 40 KB
Stars: 64
Watchers: 7
Forks: 16
Open Issues: 0
Metadata Files:
- Readme: README.bucket_finder.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-tools - CloudStorageFinder - Tools to find public data in cloud storage systems (Asset Discovery / Cloud Infrastructure Discovery)
Awesome-Asset-Discovery - CloudStorageFinder
awesome-sec-s3 - CloudStorageFinder - A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces (Awesome AWS S3 Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/mxm0z/awesome-sec-s3))

README

        # Bucket Finder

Copyright(c) 2018, Robin Wood 

This project goes alongside my blog post "

[What's In Amazon's Buckets?](https://digi.ninja/blog/whats_in_amazons_buckets.php)",

read through that for more information on what is going on behind the scenes.

This is a fairly simple tool to run, all it requires is a wordlist and it will

go off and check each word to see if that bucket name exists in the Amazon's

S3 system. Any that it finds it will check to see if the bucket is public,

private or a redirect.

Public buckets are checked for directory indexing being enabled, if it is then

all files listed will be checked using HEAD to see if they are public or private.

Redirects are followed and the final destination checked. All this is reported

on so you can later go through and analyse what has been found.

## Version

1.0 - Release

1.1 - Added logging to file

## Installation

I don't think it needs anything more than the built in modules so you shouldn't

need to install any gems. Just grab the file, make it executable and run it.

I've tested it in Ruby 1.8.7 and 1.9.1 so there should be no problems with versions.

## Usage

Basic usage is simple, just start it with a wordlist:

```

./bucket_finder.rb my_words

```

And it will go off and do your bidding.

You can specify which region you want to run the initial check against by using

the --region parameter:

```

./bucket_finder.rb --region ie my_words

```

The script will follow all redirects anyway so even if left at default, US Standard,

everything will be found that can be found but if most of the buckets you are

finding are in a different region then you'll be doing a lot of redirects so doubling

your network traffic.

You can also specify the --download option to download all public files found. Be

careful with this as there are a lot of large files out there. I'd personally do

the general search then only use this option with a select subset of bucket names:

```

./bucket_finder.rb --download --region ie my_words

```

The files are downloaded into a folder with the bucket name and then the appropriate

structure from the bucket. 

As some people are having trouble piping the output to files or other apps I've added

a logging option to send all output to a file. To use this just use the --log-file 

parameter:

```

./bucket_finder.rb --log-file bucket.out my_words

```

## Licence

This project released under the GNU GENERAL PUBLIC LICENSE Version 3.