Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/digininja/CloudStorageFinder
A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
https://github.com/digininja/CloudStorageFinder
Last synced: about 2 months ago
JSON representation
A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
- Host: GitHub
- URL: https://github.com/digininja/CloudStorageFinder
- Owner: digininja
- License: gpl-3.0
- Created: 2018-02-26T10:33:20.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2022-03-28T15:36:37.000Z (over 2 years ago)
- Last Synced: 2024-07-25T05:34:17.462Z (5 months ago)
- Language: Ruby
- Size: 40 KB
- Stars: 64
- Watchers: 7
- Forks: 16
- Open Issues: 0
-
Metadata Files:
- Readme: README.bucket_finder.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-tools - CloudStorageFinder - Tools to find public data in cloud storage systems (Asset Discovery / Cloud Infrastructure Discovery)
- Awesome-Asset-Discovery - CloudStorageFinder
- awesome-sec-s3 - CloudStorageFinder - A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces (Awesome AWS S3 Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/mxm0z/awesome-sec-s3))
README
# Bucket Finder
Copyright(c) 2018, Robin Wood
This project goes alongside my blog post "
[What's In Amazon's Buckets?](https://digi.ninja/blog/whats_in_amazons_buckets.php)",
read through that for more information on what is going on behind the scenes.This is a fairly simple tool to run, all it requires is a wordlist and it will
go off and check each word to see if that bucket name exists in the Amazon's
S3 system. Any that it finds it will check to see if the bucket is public,
private or a redirect.Public buckets are checked for directory indexing being enabled, if it is then
all files listed will be checked using HEAD to see if they are public or private.
Redirects are followed and the final destination checked. All this is reported
on so you can later go through and analyse what has been found.## Version
1.0 - Release
1.1 - Added logging to file## Installation
I don't think it needs anything more than the built in modules so you shouldn't
need to install any gems. Just grab the file, make it executable and run it.I've tested it in Ruby 1.8.7 and 1.9.1 so there should be no problems with versions.
## Usage
Basic usage is simple, just start it with a wordlist:```
./bucket_finder.rb my_words
```And it will go off and do your bidding.
You can specify which region you want to run the initial check against by using
the --region parameter:```
./bucket_finder.rb --region ie my_words
```The script will follow all redirects anyway so even if left at default, US Standard,
everything will be found that can be found but if most of the buckets you are
finding are in a different region then you'll be doing a lot of redirects so doubling
your network traffic.You can also specify the --download option to download all public files found. Be
careful with this as there are a lot of large files out there. I'd personally do
the general search then only use this option with a select subset of bucket names:```
./bucket_finder.rb --download --region ie my_words
```The files are downloaded into a folder with the bucket name and then the appropriate
structure from the bucket.As some people are having trouble piping the output to files or other apps I've added
a logging option to send all output to a file. To use this just use the --log-file
parameter:```
./bucket_finder.rb --log-file bucket.out my_words
```## Licence
This project released under the GNU GENERAL PUBLIC LICENSE Version 3.