-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
30491ae
commit c780175
Showing
8 changed files
with
216 additions
and
200 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,3 @@ | ||
|
|
||
| name: release | ||
|
|
||
| on: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,70 +2,90 @@ | |
|
|
||
| [](https://github.com/signedsecurity/sigs3scann3r/releases)  [](https://github.com/signedsecurity/sigs3scann3r/issues?q=is:issue+is:open) [](https://github.com/signedsecurity/sigs3scann3r/issues?q=is:issue+is:closed) [](https://github.com/signedsecurity/sigs3scann3r/blob/master/LICENSE) [](https://twitter.com/signedsecurity) | ||
|
|
||
| sigs3scann3r is tool to scan AWS S3 bucket permissions and dump bucket contents where applicable. | ||
| sigs3scann3r is tool to scan AWS S3 bucket permissions. | ||
|
|
||
| ## Resources | ||
|
|
||
| * [Usage](#usage) | ||
| * [Features](#features) | ||
| * [Installation](#installation) | ||
| * [From Binary](#from-binary) | ||
| * [From source](#from-source) | ||
| * [From github](#from-github) | ||
| * [Usage](#usage) | ||
| * [Interpreting Results](#interpreting-results) | ||
| * [Contribution](#contribution) | ||
|
|
||
| ## Features | ||
|
|
||
| * Scans all bucket permissions to find misconfigurations | ||
|
|
||
| ## Installation | ||
|
|
||
| #### From Binary | ||
|
|
||
| You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigs3scann3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go. | ||
|
|
||
| #### From Source | ||
|
|
||
| sigs3scann3r requires **go1.14+** to install successfully. Run the following command to get the repo | ||
|
|
||
| ```bash | ||
| GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r | ||
| ``` | ||
|
|
||
| #### From Github | ||
|
|
||
| ```bash | ||
| git clone https://github.com/signedsecurity/sigs3scann3r.git && \ | ||
| cd sigs3scann3r/cmd/sigs3scann3r/ && \ | ||
| go build . && \ | ||
| mv sigs3scann3r /usr/local/bin/ && \ | ||
| sigs3scann3r -h | ||
| ``` | ||
|
|
||
| ## Usage | ||
|
|
||
| > **NOTE:** To use this tool awscli is required to have been installed and configured. | ||
| To display help message for sigs3scann3r use the `-h` flag: | ||
|
|
||
| ``` | ||
| $ sigs3scann3r -h | ||
| _ _____ _____ | ||
| ___(_) __ _ ___|___ / ___ ___ __ _ _ __ _ __ |___ / _ __ | ||
| _ _____ _____ | ||
| ___(_) __ _ ___|___ / ___ ___ __ _ _ __ _ __ |___ / _ __ | ||
| / __| |/ _` / __| |_ \/ __|/ __/ _` | '_ \| '_ \ |_ \| '__| | ||
| \__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | | | ||
| |___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.1.1 | ||
| \__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | | | ||
| |___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.0.0 | ||
| |___/ | ||
| USAGE: | ||
| sigs3scann3r [OPTIONS] | ||
| OPTIONS: | ||
| -dump dump found open buckets locally (default: false) | ||
| -iL input buckets list (use `iL -` to read from stdin) | ||
| -nC no color mode (default: false) | ||
| -o buckets dump directory (default: ./buckets) | ||
| -v verbose mode | ||
| -iL, --input-list input buckets list (use `iL -` to read from stdin) | ||
| -c, --concurrency number of concurrent threads (default: 10) | ||
| -nC, --no-color no color mode (default: false) | ||
| -v, --verbose verbose mode | ||
| ``` | ||
|
|
||
| sigs3scann3r takes buckets in the format: | ||
| * name - e.g. `flaws.cloud` | ||
| * path style - e.g `https://s3.amazonaws.com/flaws.cloud` | ||
| * virtual hosted style - e.g `flaws.cloud.s3.amazonaws.com` | ||
|
|
||
| ## Installation | ||
| * Name - e.g. `flaws.cloud` | ||
| * URL style - e.g. `s3://flaws.cloud` | ||
| * Path style - e.g `https://s3.amazonaws.com/flaws.cloud` | ||
| * Virtual Hosted style - e.g `flaws.cloud.s3.amazonaws.com` | ||
|
|
||
| #### From Binary | ||
| ### Interpreting Results | ||
|
|
||
| You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigs3scann3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go. | ||
|
|
||
| #### From Source | ||
| [Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/managing-acls.html) for buckets: | ||
|
|
||
| sigs3scann3r requires **go1.14+** to install successfully. Run the following command to get the repo | ||
|
|
||
| ```bash | ||
| ▶ GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r | ||
| ``` | ||
|
|
||
| #### From Github | ||
|
|
||
| ```bash | ||
| ▶ git clone https://github.com/signedsecurity/sigs3scann3r.git | ||
| ▶ cd sigs3scann3r/cmd/sigs3scann3r/ | ||
| ▶ go build . | ||
| ▶ mv sigs3scann3r /usr/local/bin/ | ||
| ▶ sigs3scann3r -h | ||
| ``` | ||
| * Read - List and view all files | ||
| * Write - Write files to bucket | ||
| * Read ACP - Read all Access Control Policies attached to bucket | ||
| * Write ACP - Write Access Control Policies to bucket | ||
| * Full Control - All above permissions | ||
|
|
||
| ## Contribution | ||
|
|
||
|
|
||
Oops, something went wrong.