Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.
The script takes a target’s name as the stem argument (e.g. shopify
) and iterates through a file of bucket name permutations, such as the ones below:
-training
-bucket
-dev
-attachments
-photos
-elasticsearch […]
Getting Started
sandcastle.py
with a target name and input file (grab an example from this repo)Usage: sandcastle.py [-h] -t targetStem [-f inputFile]
Arguments:
-h, –help show this help message and exit
-t targetStem, –target targetStem
Select a target stem name (e.g. ‘shopify’)
-f inputFile, –file inputFile
Select a bucket permutation file (default: bucket-
names.txt)
>>S3 bucket enumeration // release v1.2.4 // ysx
>>[*] Commencing enumeration of ‘shopify’, reading 138 lines from ‘bucket-names.txt’.
>>[+] Checking potential match: shopify-content –> 403
>>An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
Also Read – MSSQLi-DUET : MSSQL Injection-based Domain User Enumeration Tool
Status Codes & Testing
Status code | Definition | Notes |
---|---|---|
404 | Bucket Not Found | Not a target for analysis (hidden by default) |
403 | Access Denied | Potential target for analysis via the CLI |
200 | Publicly Accessible | Potential target for analysis via the CLI |
AWS CLI Commands
Here’s a quick reference of some useful AWS CLI commands:
aws s3 ls s3://bucket-name
aws s3 cp s3://bucket-name/<file> <destination>
aws s3 cp/mv test-file.txt s3://bucket-name
aws s3 rm s3://bucket-name/test-file.txt
What is S3?
Closing Remarks
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…