Slurp is a Blackbox/whitebox S3 bucket enumerator.
Overview
Also Read : Python Uncompyle6 – A Cross-Version Python Bytecode Decompiler
There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual aws account! Do not open issues asking how to do this.
Keywords
Whitebox (Internal)
In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that, I will not provide support on how to use the AWS API. Your credentials should be in ~/.aws/credentials.
Internal
Usage
slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.slurp internal performs an internal scan using the AWS API.This project uses vgo; you can clone and go build or download from Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, if you cannot build then I strongly suggest you read the go spec.
Also, the only binaries I’m including are linux/amd64; if you want mac/windows binaries, build it yourself.
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…