Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gwen001/s3-buckets-finder

Find AWS S3 buckets and test their permissions.
https://github.com/gwen001/s3-buckets-finder

aws aws-s3 bucket bugbounty cloud pentesting php s3 s3-bucket security-tools

Last synced: 11 days ago
JSON representation

Find AWS S3 buckets and test their permissions.

Awesome Lists containing this project

README 

        
s3-buckets-finder



PHP tool to brute force Amazon S3 bucket and test permissions.





    php badge

    MIT license badge

    twitter badge




---



## Description



This PHP tool searches for AWS S3 buckets using a given wordlist. When an existing bucket is found, the tool checks the permissions of the bucket:

get ACL, put ACL, list, HTTP list, write



## Requirements



**Amazon S3:**  

```

apt-get install awscli

aws configure

```

**Google Cloud:**  

https://cloud.google.com/storage/docs/gsutil_install



## Install



```

git clone https://github.com/gwen001/s3-buckets-finder

```



## Usage



```

Usage: php s3-buckets-bruteforcer.php [OPTIONS] --bucket 



Options:

	--bucket	single bucket name or listing file

	--detect-region	Amazon only, try to automatically detect the region of the bucket

	--force-recurse	even if the bucket doesn't exist, the max-depth option will be applied (use this option at your own risk)

	--glue		characters used as a separator when concatenate all elements, default are: none, dash, dot and underscore

	-h, --help	print this help

	--list		do no perform any test, simply list the generated permutations

	--max-depth	max depth of recursion, if a bucket is found, another level will be added (permutations are applied), default=1, ex:

				if  is found then test -xxx

				if -xxx is found then test -xxx-yyy

	--no-color	disable colored output

	--perform	tests to perform, default=esglw

				e: test if exist (always performed)

				s: set ACL

				g: get ACL

				l: list (cli and http)

				w: write

	--permut	permutation can be tested, default=0

				0: no permutation

				1: if both provided prefix and suffix are permuted (prefix..suffix, suffix..prefix)

				2: permutation applied only on the bucket name (a.b.c, b.c.a, ...)

				3: each elements will be separately permuted, then glogal permutation

	--prefix	single prefix or listing file

	--provider	can be: amazon, google, digitalocean

	--region	Amazon only, set the region (overwrite the option detect-region), value can be:

				us-east-1 us-east-2 us-west-1 us-west-2

				ap-south-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2

				eu-central-1 eu-west-1 eu-west-2

				ca-central-1 sa-east-1

	--suffix	single suffix or listing file

	--thread	max threads, default=5

	-v,--verbosity	set verbosity, default=0

				0: everything

				1: do not display not found

				2: display only permissions success

				3: display only set ACL and write permission success



Examples:

	php s3-buckets-bruteforcer.php --bucket gwen001-test002

	php s3-buckets-bruteforcer.php --bucket listing.txt --no-color --verbosity 1

	php s3-buckets-bruteforcer.php --bucket listing1.txt --bucket listing2.txt --bucket listing3.txt --perform e --thread 10

	php s3-buckets-bruteforcer.php --bucket listing.txt --prefix prefix.txt --suffix suffix1.txt --suffix2.txt --perform esw --thread 10

	php s3-buckets-bruteforcer.php --bucket listing.txt --region us-east-2 --rlevel 3

```



---






---



Feel free to [open an issue](/../../issues/) if you have any problem with the script.