A Python script for AWS S3 bucket enumeration.
Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.
The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:
git clone https://github.com/Parasimpaticki/sandcastle.git
Status codes and testing
| Status code | Meaning | Notes |
|---|---|---|
| 404 | Bucket Not Found | Not a target for analysis (hidden by default) |
| 403 | Access Denied | Potential target for analysis via the CLI |
| 200 | Publicly Accessible | Potential target for analysis via the CLI |
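The status-code table above can also be read from the owner's side. The following is an added example, not code from Sandcastle or the original page: it checks how the buckets in your own inventory answer an unauthenticated request and sorts the most exposed first. The function names, the virtual-hosted-style endpoint and the "Unclassified" and "Invalid" labels are assumptions made for this sketch.

```python
import re
import urllib.error
import urllib.request

# Labels taken from the status-code table above.
TRIAGE = {200: "Publicly Accessible", 403: "Access Denied", 404: "Bucket Not Found"}
# Owner's review order: open buckets first, then buckets whose existence is
# confirmed to outsiders, then anything unexpected, then names that do not exist.
PRIORITY = {200: 0, 403: 1, 404: 3}

# Basic S3 naming rule: 3-63 chars of lowercase letters, digits, dots, hyphens.
VALID_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def anonymous_status(bucket, timeout=5):
    """HEAD the bucket with no credentials and return the HTTP status code.

    Assumption: the virtual-hosted-style endpoint is used; the page does not
    say which URL form Sandcastle requests.
    """
    url = f"https://{bucket}.s3.amazonaws.com/"
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 403/404; the code is the result
    except urllib.error.URLError:
        return None  # DNS/TLS failure (e.g. dotted names over HTTPS)


def audit(inventory, probe=anonymous_status):
    """Return (bucket, status, label) rows for your own buckets, most exposed first."""
    rows = []
    for name in inventory:
        if not VALID_NAME.match(name):
            rows.append((name, None, "Invalid bucket name, skipped"))
            continue
        status = probe(name)
        rows.append((name, status, TRIAGE.get(status, "Unclassified response")))
    return sorted(rows, key=lambda r: (PRIORITY.get(r[1], 2), r[0]))


if __name__ == "__main__":
    # Replace with bucket names from your own account inventory.
    for row in audit(["example-corp-assets", "example-corp-backup"]):
        print(row)
```

Any row reported as 200 is a bucket that anonymous users can reach and should be reviewed against its intended access policy; a 403 confirms to outsiders that the name exists.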
Copyright (c) 2017 Yasin Soliman