Slurp - S3 Bucket Enumerator
Sunday, May 12, 2013
You are now reading the article Slurp - S3 Bucket Enumerator with the link address https://mederc.blogspot.com/2013/05/slurp-s3-bucket-enumerator.html
Blackbox/whitebox S3 bucket enumerator
Overview
- Credit to all the vendor packages that made this tool possible.
- This is a security tool; it's meant for pen-testers and security professionals to perform audits of S3 buckets.
Features
- Scan via domain(s); you can target a single domain or a list of domains
- Scan via keyword(s); you can target a single keyword or a list of keywords
- Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed
- Colorized output for visual grep
- Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
- Punycode support for internationalized domains
- Strong copyleft license (GPLv3)
Modes
This tool operates in 2 modes: blackbox and whitebox. Whitebox mode (internal) is significantly faster than blackbox (external) mode.
Blackbox (external)
In this mode, you are using the permutations list to run scans. It will return false positives and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.
Domain
Keywords
Whitebox (internal)
In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API. Your credentials should be in ~/.aws/credentials.
internal
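The Policy/ACL check that whitebox mode describes can be sketched as below. This is an added example, not Slurp's own code: the function name auditBucket, the finding strings and the sample JSON are assumptions made here, with input shaped like a GetBucketAcl response and a bucket policy document.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// bucket keeps the GetBucketAcl grants and the bucket policy statements (a list is assumed).
type bucket struct {
	Grants []struct {
		Grantee    struct{ URI string }
		Permission string
	}
	Statement []struct {
		Effect               string
		Principal, Condition interface{}
	}
}

// auditBucket flags ACL grants to the global groups and Allow statements open to any principal.
func auditBucket(aclJSON, policyJSON string) ([]string, error) {
	var b bucket
	for _, doc := range []string{aclJSON, policyJSON} { // both documents decode into b
		if err := json.Unmarshal([]byte(doc), &b); err != nil {
			return nil, err
		}
	}
	var out []string
	for _, g := range b.Grants {
		n := strings.TrimPrefix(g.Grantee.URI, "http://acs.amazonaws.com/groups/global/")
		if n == "AllUsers" || n == "AuthenticatedUsers" {
			out = append(out, "acl:"+n+":"+g.Permission)
		}
	}
	for i, s := range b.Statement {
		if m, ok := s.Principal.(map[string]interface{}); ok {
			s.Principal = m["AWS"] // {"AWS": "*"} form
		}
		if s.Effect == "Allow" && s.Principal == "*" {
			out = append(out, fmt.Sprintf("policy:%d:conditional=%t", i, s.Condition != nil))
		}
	}
	return out, nil
}

// Constructed sample input, not taken from a real account.
const sampleACL = `{"Grants":[{"Grantee":{"Type":"Group","URI":"http://acs.amazonaws.com/groups/global/AllUsers"},"Permission":"READ"}]}`
const samplePolicy = `{"Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}`
func main() { fmt.Println(auditBucket(sampleACL, samplePolicy)) }
```

A statement reported with conditional=true still needs a manual read of its Condition block, since the condition may or may not restrict access in practice.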
Usage
slurp domain <-t|--target> example.com
will enumerate the S3 domains for a specific target.
slurp keyword <-t|--target> linux,golang,python
will enumerate S3 buckets based on those 3 keywords.
slurp internal
performs an internal scan using the AWS API.
Installation
This project uses vgo; you can clone and go build or download from the Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, and if you cannot build it then I strongly suggest you read the Go spec.
Also, the only binaries I'm including are linux/amd64; if you want mac/windows binaries, build it yourself.