Sandcastle : A Python Script For AWS S3 Bucket Enumeration

Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.

The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:

-training
-bucket
-dev
-attachments
-photos
-elasticsearch […]

Getting Started

  • Here’s how to get started:
    • Clone this repo (PyPi distribution temporarily disabled).
    • Run sandcastle.py with a target name and input file (grab an example from this repo)
    • Matching bucket permutations will be identified, and read permissions tested.

Usage: sandcastle.py [-h] -t targetStem [-f inputFile]
Arguments:
-h, –help show this help message and exit
-t targetStem, –target targetStem
Select a target stem name (e.g. ‘shopify’)
-f inputFile, –file inputFile
Select a bucket permutation file (default: bucket-
names.txt)

>>S3 bucket enumeration // release v1.2.4 // ysx
>>[*] Commencing enumeration of ‘shopify’, reading 138 lines from ‘bucket-names.txt’.
>>[+] Checking potential match: shopify-content –> 403
>>An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

Also Read – MSSQLi-DUET : MSSQL Injection-based Domain User Enumeration Tool

Status Codes & Testing

Status codeDefinitionNotes
404Bucket Not FoundNot a target for analysis (hidden by default)
403Access DeniedPotential target for analysis via the CLI
200Publicly AccessiblePotential target for analysis via the CLI

AWS CLI Commands

Here’s a quick reference of some useful AWS CLI commands:

  • List Files: aws s3 ls s3://bucket-name
  • Download Files: aws s3 cp s3://bucket-name/<file> <destination>
  • Upload Files: aws s3 cp/mv test-file.txt s3://bucket-name
  • Remove Files: aws s3 rm s3://bucket-name/test-file.txt

What is S3?

  • From the Amazon documentation, Working with Amazon S3 Buckets:
  • Amazon S3 [Simple Storage Service] is cloud storage for the Internet. To upload your data (photos, videos, documents etc.), you first create a bucket in one of the AWS Regions. You can then upload any number of objects to the bucket.
  • In terms of implementation, buckets and objects are resources, and Amazon S3 provides APIs for you to manage them.

Closing Remarks

  • This is my first public security project. Sandcastle is published under the MIT License.
  • Usage acknowledgements:
    • Castle (icon) by Andrew Doane from the Noun Project
    • Nixie One (logo typeface) free by Jovanny Lemonad
Download
R K

Share
Published by
R K
Tags: AWSPython ScriptS3S3 BucketSandcastle
5 years ago

Recent Posts

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

1 hour ago

Modern Network Fingerprinting : HASSH And JA4+SSH Tools

Network fingerprinting is a critical technique for identifying and analyzing network traffic patterns, particularly in…

1 hour ago

HowToHunt : Unleashing The Power Of Advanced Hunting Tools

"HowToHunt" is a platform designed to assist hunters in improving their skills, planning their expeditions,…

1 hour ago

SkyFall-Pack : Infrastructure Automation For C2 Operations

SkyFall-Pack is an advanced infrastructure automation toolkit designed for Command and Control (C2) operations. It…

1 hour ago

LummaC2 Stealer : Unpacking The Threats Of A Marketed ‘Premium’ Malware

LummaC2 is a commodity malware designed as an information stealer, targeting browsers, cryptocurrency wallets, and…

1 hour ago

RustOwl : A Visualization Tool For Ownership And Lifetime

RustOwl is an innovative tool designed to enhance the Rust programming experience by visualizing ownership…

1 hour ago