Skip to content
/ slurp Public
forked from gdraperi/slurp-1

Evaluate the security of S3 buckets

License

GPL-3.0 license
1 star 64 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

opexxx/slurp

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

93 Commits
.github
.github
 
 
docs
docs
 
 
scanner
scanner
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
permutations.json
permutations.json
 
 

Repository files navigation

slurp

slurp

Blackbox/whitebox S3 bucket enumerator

Overview

  • Credit to all the vendor packages that made this tool possible.
  • This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets.

Features

  • Scan via domain(s); you can target a single domain or a list of domains
  • Scan via keyword(s); you can target a single keyword or a list of keywords
  • Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed
  • Colorized output for visual grep
  • Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
  • Punycode support for internationalized domains
  • Strong copyleft license (GPLv3)

Modes

There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)

In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual aws account! Do not open issues asking how to do this.

Domain

domain-scan

Keywords

keyword-scan

Whitebox (internal)

In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that, I will not provide support on how to use the AWS API. Your credentials should be in ~/.aws/credentials.

internal

internal-scan

Usage

  • slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.
  • slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.
  • slurp internal performs an internal scan using the AWS API.

Installation

This project uses vgo; you can clone and go build or download from Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, if you cannot build then I strongly suggest you read the go spec.

Also, the only binaries I'm including are linux/amd64; if you want mac/windows binaries, build it yourself.

Contributors

  • Thanks to @jakewarren and @random-robbie for permutations list(s).
  • Thanks to Yvonni Fhang for the logo.

About

Evaluate the security of S3 buckets

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Go 100.0%