This tool is based off of the Sandcastle projet from @yasinS. Using a word list, it will enumerate buckets and list files (if allowed). You can also choose to try to upload a test file, or attempt to view a bucket's ACL, policy, CORS configuration, replication configuration, website configuration and bucket location. You also have the option to check a single bucket that you have already found elsewhere.
- For this tool to work properly, you need to have AWS-CLI installed (http://docs.aws.amazon.com/cli/latest/userguide/installing.html). - Once installed, you need to run
$ aws configureto configure your AWS Access Keys.
- Clone this repo
- Run s3cruze.py with your target name. You can also specify your own dictionnary file if you'd like and you can also select if you want to try to upload a file or not. The default behavior will only enumerate buckets.
usage: s3cruze.py [-h] -t targetBucket [-f inputFile] [-u] [-d] [-a] [-p]
[-c] [-r] [-w] [-l] [--all] (-b | -s)
optional arguments:
-h, --help show this help message and exit
-t targetBucket, --target targetBucket
Select a target bucket name (e.g. 'shopify')
-f inputFile, --file inputFile
Select a bucket brute-forcing file (default: bucket-
names.txt)
-u, --upload File to upload will be automatically generated (e.g.
'BugBounty-[######].txt')
-d, --delete Delete file from bucket after uploading it
-a, --acl View bucket ACL
-p, --policy View bucket policy
-c, --cors View bucket CORS configuration
-r, --replication View bucket replication configuration
-w, --website View bucket website configuration
-l, --location View bucket location
--all View all bucket configuration
-b, --bruteforce Bruteforce buckets names. By default it will try to
list files from the buckets.
-s, --single Check a single bucket only
I'm just beginning to code in Python so if you feel it could work better by coding it in a certain way, please feel free to create pull requests, it would be greatly appreciated. Honestly, please do.
If needed, I can also be reached via Twitter @JR0ch17.