pip3 install s3scanner
docker build . -t s3scanner:latest
docker run --rm s3scanner:latest scan --bucket my-bucket
git clone git@github.com:sa7mon/S3Scanner.git
cd S3Scanner
pip3 install -r requirements.txt
python3 -m S3Scanner
$ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
$ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
$ s3scanner dump --bucket my-bucket-to-dump
$ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
s3scanner: Audit unsecured S3 buckets
by Dan Salmon - github.com/sa7mon, @bltjetpack
optional arguments:
  -h, --help            show this help message and exit
  --version             Display the current version of this tool
  --threads n, -t n     Number of threads to use. Default: 4
  --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
                        URL of S3-compliant API. Default: https://s3.amazonaws.com
  --endpoint-address-style {path,vhost}, -s {path,vhost}
                        Address style to use for the endpoint. Default: path
  --insecure, -i        Do not verify SSL

mode:
  {scan,dump}           (Must choose one)
    scan                Scan bucket permissions
    dump                Dump the contents of buckets
--endpoint-url, --endpoint-address-style, --insecure
DigitalOcean Spaces (SFO2 region) - https://sfo2.digitaloceanspaces.com
Dreamhost - https://objects.dreamhost.com
Linode Object Storage (eu-central-1 region) - https://eu-central-1.linodeobjects.com
Scaleway Object Storage (nl-ams region) - https://s3.nl-ams.scw.cloud
Wasabi Cloud Storage - http://s3.wasabisys.com/
Originally published on the WeChat official account 白帽学子: S3 Bucket Scanning Tool