S3Reverse is a format of various s3 buckets is convert in one format. for bugbounty and security testing.
Install
$ go get -u github.com/hahwul/s3reverse
Usage
Input options
Usage of ./s3reverse:
-iL string
Input List
-oA string
Write output in Array format (optional)
-oN string
Write output in Normal format (optional)
-tN
to name
-tP
to path-style
-tS
to s3 url
-tV
to virtual-hosted-style
-verify
testing bucket(acl,takeover)
$ s3reverse -iL sample -tN
udemy-web-upload-transitional
github-cloud
github-production-repository-file-5c1aeb
github-production-upload-manifest-file-7fdce7
github-production-user-asset-6210df
github-education-web
github-jobs
s3-us-west-2.amazonaws.com
optimizely
app-usa-modeast-prod-a01239f
doc
swipely-merchant-assets
adslfjasldfkjasldkfjalsdfkajsljasldf
cbphotovideo
cbphotovideo-eu
public.chaturbate.com
wowdvr
cbvideoupload
testbuckettesttest
$ cat sample | s3reverse -tN
udemy-web-upload-transitional
github-cloud
github-production-repository-file-5c1aeb
github-production-upload-manifest-file-7fdce7
github-production-user-asset-6210df
github-education-web
github-jobs
s3-us-west-2.amazonaws.com
optimizely
app-usa-modeast-prod-a01239f
doc
swipely-merchant-assets
adslfjasldfkjasldkfjalsdfkajsljasldf
cbphotovideo
cbphotovideo-eu
public.chaturbate.com
wowdvr
cbvideoupload
testbuckettesttest
Also Read – Adamantium-Thief : Decrypt Chromium Based Browsers Passwords & Credit Cards
Output Options
$ s3reverse -iL sample -tN
udemy-web-upload-transitional
github-cloud
github-production-repository-file-5c1aeb
github-production-upload-manifest-file-7fdce7
… snip …
$ s3reverse -iL sample -tP
https://s3.amazonaws.com/udemy-web-upload-transitional
https://s3.amazonaws.com/github-cloud
https://s3.amazonaws.com/github-production-repository-file-5c1aeb
… snip …
$ s3reverse -iL sample -tV
udemy-web-upload-transitional.s3.amazonaws.com
github-cloud.s3.amazonaws.com
github-production-repository-file-5c1aeb.s3.amazonaws.com
github-production-upload-manifest-file-7fdce7.s3.amazonaws.com
github-production-user-asset-6210df.s3.amazonaws.com
… snip …
Verify Mode
$ s3reverse -iL sample -verify
[NoSuchBucket] adslfjasldfkjasldkfjalsdfkajsljasldf
[PublicAccessDenied] github-production-user-asset-6210df
[PublicAccessDenied] github-jobs
[PublicAccessDenied] public.chaturbate.com
[PublicAccessDenied] github-education-web
[PublicAccessDenied] github-production-repository-file-5c1aeb
[PublicAccessDenied] testbuckettesttest
[PublicAccessDenied] app-usa-modeast-prod-a01239f
[PublicAccessGranted] cbphotovideo-eu
[PublicAccessDenied] swipely-merchant-assets
[PublicAccessDenied] optimizely
[PublicAccessDenied] wowdvr
[PublicAccessGranted] s3-us-west-2.amazonaws.com
[PublicAccessDenied] cbphotovideo
[PublicAccessDenied] cbvideoupload
[PublicAccessDenied] github-production-upload-manifest-file-7fdce7
[PublicAccessDenied] doc
[PublicAccessDenied] udemy-web-upload-transitional
[PublicAccessDenied] github-cloud
Case Study
$ meg -d 1000 -v / ; cd out ; gf s3-buckets | s3reverse -tN > buckets ; s3scanner buckets
$ meg -d 1000 -v / ; cd out ; gf s3-buckets | s3reverse -verify | grep NoSuchBucket > takeovers
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…