Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

sandcastle: AWS S3 bucket enumeration


A Python script for AWS S3 bucket enumeration.

Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.

The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:

-training
-bucket
-dev
-attachments
-photos
-elasticsearch
[...]

 

Download

git clone https://github.com/Parasimpaticki/sandcastle.git

Use

usage: sandcastle.py [-h] (-t targetStem | -f inputFile) [-b bucketFile]
                     [-o outputFile]

arguments:
  -h, --help            show this help message and exit
  -t targetStem, --target targetStem
                        Select a target stem name (e.g. 'shopify')
  -f inputFile, --file inputFile
                        Select a target list file
  -b bucketFile, --bucket-list bucketFile
                        Select a bucket permutation file (default: bucket-
                        names.txt)
  -o outputFile, --output outputFile
                        Select a output file

 

Status codes and testing

Status code Definition Notes
404 Bucket Not Found Not a target for analysis (hidden by default)
403 Access Denied Potential target for analysis via the CLI
200 Publicly Accessible Potential target for analysis via the CLI

 

   ____             __             __  __
  / __/__ ____  ___/ /______ ____ / /_/ /__
 _ / _ `/ _ / _  / __/ _ `(_-</ __/ / -_)
/___/_,_/_//_/_,_/__/_,_/___/__/_/__/

S3 bucket enumeration // release v1.2.5 // ysx


[*] Commencing enumeration of 'shopify', reading 163 lines from 'bucket-names.txt'.

[+] Checking potential match: shopify-content --> 403

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

 

Copyright (c) 2017 Yasin Soliman

Source: https://github.com/Parasimpaticki/

Updated: October 3, 2018 — 5:20 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar