diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2581c62..fb1a8e1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,3 @@ - name: release on: diff --git a/README.md b/README.md index 37d5d2a..383400e 100644 --- a/README.md +++ b/README.md 
@@ -2,70 +2,90 @@ [![release](https://img.shields.io/github/release/signedsecurity/sigs3scann3r?style=flat&color=0040ff)](https://github.com/signedsecurity/sigs3scann3r/releases) ![maintenance](https://img.shields.io/badge/maintained%3F-yes-0040ff.svg) [![open issues](https://img.shields.io/github/issues-raw/signedsecurity/sigs3scann3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigs3scann3r/issues?q=is:issue+is:open) [![closed issues](https://img.shields.io/github/issues-closed-raw/signedsecurity/sigs3scann3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigs3scann3r/issues?q=is:issue+is:closed) [![license](https://img.shields.io/badge/license-MIT-gray.svg?colorB=0040FF)](https://github.com/signedsecurity/sigs3scann3r/blob/master/LICENSE) [![twitter](https://img.shields.io/badge/twitter-@signedsecurity-0040ff.svg)](https://twitter.com/signedsecurity) -sigs3scann3r is tool to scan AWS S3 bucket permissions and dump bucket contents where applicable. +sigs3scann3r is tool to scan AWS S3 bucket permissions. ## Resources -* [Usage](#usage) +* [Features](#features) * [Installation](#installation) * [From Binary](#from-binary) * [From source](#from-source) * [From github](#from-github) +* [Usage](#usage) + * [Interpreting Results](#interpreting-results) * [Contribution](#contribution) +## Features + +* Scans all bucket permissions to find misconfigurations + +## Installation + +#### From Binary + +You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigs3scann3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go. + +#### From Source + +sigs3scann3r requires **go1.14+** to install successfully. 
Run the following command to get the repo + +```bash +GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r +``` + +#### From Github + +```bash +git clone https://github.com/signedsecurity/sigs3scann3r.git && \ +cd sigs3scann3r/cmd/sigs3scann3r/ && \ +go build . && \ +mv sigs3scann3r /usr/local/bin/ && \ +sigs3scann3r -h +``` + ## Usage +> **NOTE:** To use this tool awscli is required to have been installed and configured. + To display help message for sigs3scann3r use the `-h` flag: ``` $ sigs3scann3r -h - _ _____ _____ - ___(_) __ _ ___|___ / ___ ___ __ _ _ __ _ __ |___ / _ __ + _ _____ _____ + ___(_) __ _ ___|___ / ___ ___ __ _ _ __ _ __ |___ / _ __ / __| |/ _` / __| |_ \/ __|/ __/ _` | '_ \| '_ \ |_ \| '__| -\__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | | -|___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.1.1 +\__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | | +|___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.0.0 |___/ USAGE: sigs3scann3r [OPTIONS] OPTIONS: - -dump dump found open buckets locally (default: false) - -iL input buckets list (use `iL -` to read from stdin) - -nC no color mode (default: false) - -o buckets dump directory (default: ./buckets) - -v verbose mode + -iL, --input-list input buckets list (use `iL -` to read from stdin) + -c, --concurrency number of concurrent threads (default: 10) + -nC, --no-color no color mode (default: false) + -v, --verbose verbose mode + ``` sigs3scann3r takes buckets in the format: -* name - e.g. `flaws.cloud` -* path style - e.g `https://s3.amazonaws.com/flaws.cloud` -* virtual hosted style - e.g `flaws.cloud.s3.amazonaws.com` -## Installation +* Name - e.g. `flaws.cloud` +* URL style - e.g. 
`s3://flaws.cloud` +* Path style - e.g `https://s3.amazonaws.com/flaws.cloud` +* Virtual Hosted style - e.g `flaws.cloud.s3.amazonaws.com` -#### From Binary +### Interpreting Results -You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigs3scann3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go. - -#### From Source +[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/managing-acls.html) for buckets: -sigs3scann3r requires **go1.14+** to install successfully. Run the following command to get the repo - -```bash -▶ GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r -``` - -#### From Github - -```bash -▶ git clone https://github.com/signedsecurity/sigs3scann3r.git -▶ cd sigs3scann3r/cmd/sigs3scann3r/ -▶ go build . -▶ mv sigs3scann3r /usr/local/bin/ -▶ sigs3scann3r -h -``` +* Read - List and view all files +* Write - Write files to bucket +* Read ACP - Read all Access Control Policies attached to bucket +* Write ACP - Write Access Control Policies to bucket +* Full Control - All above permissions ## Contribution diff --git a/cmd/sigs3scann3r/main.go b/cmd/sigs3scann3r/main.go index e34b0c5..669e272 100644 --- a/cmd/sigs3scann3r/main.go +++ b/cmd/sigs3scann3r/main.go @@ -2,27 +2,27 @@ package main import ( "bufio" + "context" "errors" "flag" "fmt" "log" "net/http" "os" - "path" "strings" + "sync" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/s3" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/logrusorgru/aurora/v3" - "github.com/signedsecurity/sigs3scann3r/pkg/sigs3scann3r" + "github.com/signedsecurity/sigs3scann3r/pkg/s3format" ) type options struct { - buckets string - dump bool - noColor bool - output string - verbose bool + inputList string + concurrency int + noColor, verbose bool } var ( 
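Review bot: The options struct keeps `verbose`, but in the hunks visible here nothing reads `co.verbose` any more: the last main.go hunk deletes `errorf`, and every SDK error is reduced to a bare `Failed`. For a permissions scanner this hides the difference between an access-denied answer, a wrong region and a network or credentials error, so a result can be misread as "not readable". Either drop the flag or print the error when it is set, for example `if co.verbose { logger.Printf("GET ACL error: %v\n", err) }` in each failure branch. The field also has no comment; `// verbose prints the underlying SDK/HTTP error for each failed check` would record the intent.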
@@ -42,10 +42,11 @@ func banner() { } func init() { - flag.BoolVar(&co.dump, "dump", false, "") - flag.StringVar(&co.buckets, "iL", "", "") + flag.StringVar(&co.inputList, "input-list", "", "") + flag.StringVar(&co.inputList, "iL", "", "") + flag.IntVar(&co.concurrency, "concurrency", 10, "") + flag.IntVar(&co.concurrency, "c", 10, "") flag.BoolVar(&co.noColor, "nC", false, "") - flag.StringVar(&co.output, "o", "./buckets", "") flag.BoolVar(&co.verbose, "v", false, "") flag.Usage = func() { @@ -55,11 +56,10 @@ func init() { h += " sigs3scann3r [OPTIONS]\n" h += "\nOPTIONS:\n" - h += " -dump dump found open buckets locally (default: false)\n" - h += " -iL input buckets list (use `iL -` to read from stdin)\n" - h += " -nC no color mode (default: false)\n" - h += " -o buckets dump directory (default: ./buckets)\n" - h += " -v verbose mode\n" + h += " -iL, --input-list input buckets list (use `iL -` to read from stdin)\n" + h += " -c, --concurrency number of concurrent threads (default: 10)\n" + h += " -nC, --no-color no color mode (default: false)\n" + h += " -v, --verbose verbose mode\n" fmt.Fprint(os.Stderr, h) } @@ -70,14 +70,14 @@ func init() { } func main() { - buckets := make(chan string) + buckets := make(chan string, co.concurrency) go func() { defer close(buckets) var scanner *bufio.Scanner - if co.buckets == "-" { + if co.inputList == "-" { stat, err := os.Stdin.Stat() if err != nil { log.Fatalln(errors.New("no stdin")) @@ -89,7 +89,7 @@ func main() { scanner = bufio.NewScanner(os.Stdin) } else { - openedFile, err := os.Open(co.buckets) + openedFile, err := os.Open(co.inputList) if err != nil { log.Fatalln(err) } 
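Review bot: The usage text added in the next hunk advertises `--no-color` and `--verbose`, but this hunk registers long names only for `input-list` and `concurrency`; `nC` and `v` remain single-name registrations in the context lines, so `--verbose` would be rejected by the flag package as not defined. Registering the aliases the same way fixes the mismatch: `flag.BoolVar(&co.noColor, "no-color", false, "")` and `flag.BoolVar(&co.verbose, "verbose", false, "")`. init() continues outside this hunk.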
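Review bot: `co.concurrency` is used unvalidated, here as the channel capacity in `make(chan string, co.concurrency)` and in the last hunk as the worker count. A negative value makes `make` panic, and `-c 0` starts no workers, so `wg.Wait()` returns at once and the program exits without scanning anything. A guard before the channel is created covers both cases: `if co.concurrency < 1 { log.Fatalln("concurrency must be at least 1") }`. main() continues outside this hunk.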
@@ -109,124 +109,117 @@ func main() { } }() - for bucket := range buckets { - // Check existence & Get Region - res, err := http.Get("http://" + sigs3scann3r.Format(bucket, "vhost")) - if err != nil { - fmt.Println(err) - continue - } - - defer res.Body.Close() - - if res.StatusCode == http.StatusNotFound { - fmt.Println(au.BrightRed("-").Bold(), sigs3scann3r.Format(bucket, "name"), "[", au.BrightRed("Not Found").Bold(), "]") - continue - } - - fmt.Println(au.BrightGreen("+").Bold(), sigs3scann3r.Format(bucket, "name")) + wg := &sync.WaitGroup{} - // Extract Region - region := res.Header.Get("X-Amz-Bucket-Region") + for i := 0; i < co.concurrency; i++ { + wg.Add(1) - fmt.Println(" ", au.BrightGreen("+").Bold(), "Region:", region) + go func() { + defer wg.Done() - scanner, err := sigs3scann3r.New(region) - if err != nil { - fmt.Println(err) - continue - } - - // Get bucket ACL - aclResult, err := scanner.Service.GetBucketAcl(&s3.GetBucketAclInput{ - Bucket: aws.String(sigs3scann3r.Format(bucket, "name")), - }) - if err != nil { - errorf(err.Error(), co.verbose) + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + log.Fatalln(err) + } - ERRORS := []string{"AccessDenied", "AllAccessDisabled"} + for bucket := range buckets { + logger := log.New(os.Stdout, fmt.Sprintf(" %s | ", s3format.ToName(bucket)), 0) - for _, ERROR := range ERRORS { - if strings.Contains(fmt.Sprintln(err), ERROR) { - fmt.Println(" ", au.BrightRed("-").Bold(), "ACL:", ERROR) - break + // Check existence & Get Region + res, err := http.Get("http://" + s3format.ToVHost(bucket)) + if err != nil { + fmt.Println(err) + continue } - } - } else { - GROUPS := map[string]string{ - "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone", - "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated AWS users", - } - PERMISSIONS := map[string][]string{} - for _, grant := range aclResult.Grants { - if *grant.Grantee.Type == "Group" { - for GROUP := range GROUPS { - 
if *grant.Grantee.URI == GROUP { - PERMISSIONS[GROUPS[GROUP]] = append(PERMISSIONS[GROUPS[GROUP]], *grant.Permission) - } - } + if res.StatusCode == http.StatusNotFound { + logger.Printf("STATUS: %s\n", au.BrightRed("Not Found").Bold()) + continue + } else { + logger.Printf("STATUS: %s\n", au.BrightGreen("Found").Bold()) } - } - fmt.Println(" ", au.BrightGreen("+").Bold(), "ACL:") - for PERMISSION := range PERMISSIONS { - fmt.Println(" ", au.BrightGreen("+").Bold(), PERMISSION, ":", strings.Join(PERMISSIONS[PERMISSION], ", ")) - } - } + // Extract Region + region := res.Header.Get("X-Amz-Bucket-Region") - // List Objects - objectsResults, err := scanner.Service.ListObjectsV2(&s3.ListObjectsV2Input{Bucket: aws.String(bucket)}) - if err != nil { - errorf(err.Error(), co.verbose) - } + logger.Printf("REGION: %s\n", region) - if len(objectsResults.Contents) > 0 { - fmt.Println(" ", au.BrightGreen("+").Bold(), "Objects:") + // New Client + client := s3.NewFromConfig(cfg, func(o *s3.Options) { + o.Region = region + }) - for _, item := range objectsResults.Contents { - fmt.Println(" ", au.BrightGreen("+").Bold(), *item.Key, au.BrightGreen("size:"), *item.Size, au.BrightGreen("last_modified:"), *item.LastModified) + // GetBucketAcl - if co.dump { - output := co.output + "/" + sigs3scann3r.Format(bucket, "name") + "/" + *item.Key + GetBucketAclInput := &s3.GetBucketAclInput{ + Bucket: aws.String(s3format.ToName(bucket)), + } - if _, err := os.Stat(output); os.IsNotExist(err) { - directory, _ := path.Split(output) + GetBucketAclOutput, err := client.GetBucketAcl(context.TODO(), GetBucketAclInput) + if err != nil { + logger.Printf("GET ACL: %s\n", au.BrightRed("Failed").Bold()) + } else { + GROUPS := map[string]string{ + "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone", + "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated AWS users", + } + PERMISSIONS := map[string][]string{} - if _, err := os.Stat(directory); os.IsNotExist(err) { - if 
directory != "" { - if err = os.MkdirAll(directory, os.ModePerm); err != nil { - log.Fatalln(err) + for _, grant := range GetBucketAclOutput.Grants { + if grant.Grantee.Type == "Group" { + for GROUP := range GROUPS { + if *grant.Grantee.URI == GROUP { + PERMISSIONS[GROUPS[GROUP]] = append(PERMISSIONS[GROUPS[GROUP]], string(grant.Permission)) } } } } - file, err := os.Create(output) - if err != nil { - errorf(err.Error(), co.verbose) + ACL := []string{} + + for PERMISSION := range PERMISSIONS { + ACL = append(ACL, fmt.Sprintf("%s: %s", PERMISSION, strings.Join(PERMISSIONS[PERMISSION], ", "))) } - defer file.Close() + logger.Printf("GET ACL: %s\n", strings.Join(ACL, "; ")) + } - numBytes, err := scanner.Downloader.Download(file, - &s3.GetObjectInput{ - Bucket: aws.String(bucket), - Key: aws.String(*item.Key), - }) - if err != nil { - errorf(err.Error(), co.verbose) - } + // PutObject + + PutObjectInput := &s3.PutObjectInput{ + Bucket: aws.String(s3format.ToName(bucket)), + Key: aws.String("etetst.txt"), + } - fmt.Println("Downloaded", file.Name(), numBytes, "bytes") + _, err = client.PutObject(context.TODO(), PutObjectInput) + if err != nil { + logger.Printf("PUT OBJECTS: %s\n", au.BrightRed("Failed").Bold()) + } else { + logger.Printf("PUT OBJECTS: %s\n", au.BrightGreen("Success").Bold()) } + + // ListObjectsV2 + + ListObjectsV2Input := &s3.ListObjectsV2Input{ + Bucket: aws.String(s3format.ToName(bucket)), + } + + _, err = client.ListObjectsV2(context.TODO(), ListObjectsV2Input) + if err != nil { + logger.Printf("GET OBJECTS: %s\n", au.BrightRed("Failed").Bold()) + } else { + logger.Printf("GET OBJECTS: %s\n", au.BrightGreen("Success").Bold()) + } + // if ListObjectsV2Output != nil && ListObjectsV2Output.Contents != nil { + // fmt.Println(" ", au.BrightGreen("+").Bold(), "Objects:") + + // for _, item := range ListObjectsV2Output.Contents { + // fmt.Println(" ", au.BrightGreen("+").Bold(), *item.Key, au.BrightGreen("size:"), item.Size, 
au.BrightGreen("last_modified:"), *item.LastModified) + // } + // } } - } + }() } -} -func errorf(msg string, verbose bool, args ...interface{}) { - if verbose { - fmt.Fprintf(os.Stderr, msg+"\n", args...) - } + wg.Wait() } diff --git a/sample b/example-buckets.txt similarity index 100% rename from sample rename to example-buckets.txt diff --git a/go.mod b/go.mod index ccea2ec..b3f0ae4 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,8 @@ module github.com/signedsecurity/sigs3scann3r go 1.13 require ( - github.com/aws/aws-sdk-go v1.36.25 + github.com/aws/aws-sdk-go-v2 v1.7.1 + github.com/aws/aws-sdk-go-v2/config v1.5.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.11.1 github.com/logrusorgru/aurora/v3 v3.0.0 ) diff --git a/go.sum b/go.sum index 3986e64..5fb7793 100644 --- a/go.sum +++ b/go.sum 
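Review bot: The write check calls `client.PutObject` with the fixed key `etetst.txt` on every bucket in the list and never removes it, so a scan leaves an empty object behind (or replaces an existing object of that name) in each writable bucket. A state-changing probe should be opt-in, use a tool-specific key and delete the object after a successful write; the sketch below assumes a new `co.writeProbe` option that would also have to be registered in init(). Separately, the response from `http.Get` is never closed in the new loop (the old `defer res.Body.Close()` was dropped), so each worker leaks a connection per bucket; `res.Body.Close()` immediately after the `err` check covers both the Not Found and the found path. That request also uses plain `http://` and the default client, which has no timeout, so the region value is unauthenticated and a stalled endpoint blocks a worker indefinitely.

```go
// … unchanged: existence check, region lookup, client creation, GetBucketAcl …

// PutObject modifies the target bucket, so run it only when the operator opts in.
if co.writeProbe { // proposed new option, not present in this commit
	probeKey := "sigs3scann3r-write-probe.txt"

	_, err = client.PutObject(context.TODO(), &s3.PutObjectInput{
		Bucket: aws.String(s3format.ToName(bucket)),
		Key:    aws.String(probeKey),
	})
	if err != nil {
		logger.Printf("PUT OBJECTS: %s\n", au.BrightRed("Failed").Bold())
	} else {
		logger.Printf("PUT OBJECTS: %s\n", au.BrightGreen("Success").Bold())

		// Remove the probe object so the audit leaves no stray data in the bucket.
		_, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{
			Bucket: aws.String(s3format.ToName(bucket)),
			Key:    aws.String(probeKey),
		})
		if err != nil {
			logger.Printf("PUT OBJECTS: cleanup of %s failed: %v\n", probeKey, err)
		}
	}
}

// … unchanged: ListObjectsV2 …
```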
@@ -1,29 +1,43 @@
-github.com/aws/aws-sdk-go v1.36.25 h1:foHwQg8LGGuR9L8IODs2co5OQqjYhNNrngefIbXbyjg=
-github.com/aws/aws-sdk-go v1.36.25/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go-v2 v1.7.1 h1:TswSc7KNqZ/K1Ijt3IkpXk/2+62vi3Q82Yrr5wSbRBQ=
+github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250=
+github.com/aws/aws-sdk-go-v2/config v1.5.0 h1:tRQcWXVmO7wC+ApwYc2LiYKfIBoIrdzcJ+7HIh6AlR0=
+github.com/aws/aws-sdk-go-v2/config v1.5.0/go.mod h1:RWlPOAW3E3tbtNAqTwvSW54Of/yP3oiZXMI0xfUdjyA=
+github.com/aws/aws-sdk-go-v2/credentials v1.3.1 h1:fFeqL5+9kwFKsCb2oci5yAIDsWYqn/Nga8oQ5bIasI8=
+github.com/aws/aws-sdk-go-v2/credentials v1.3.1/go.mod h1:r0n73xwsIVagq8RsxmZbGSRQFj9As3je72C2WzUIToc=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0 h1:s4vtv3Mv1CisI3qm2HGHi1Ls9ZtbCOEqeQn6oz7fTyU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0/go.mod h1:2LAuqPx1I6jNfaGDucWfA2zqQCYCOMCDHiCOciALyNw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1 h1:SDLwr1NKyowP7uqxuLNdvFZhjnoVWxNv456zAp+ZFjU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1/go.mod h1:Zy8smImhTdOETZqfyn01iNOe0CNggVbPjCajyaz6Gvg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.2.1 h1:s/uV8UyMB4UcO0ERHxG9BJhYJAD9MiY0QeYvJmlC7PE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.2.1/go.mod h1:v33JQ57i2nekYTA70Mb+O18KeH4KqhdqxTJZNK1zdRE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1 h1:VJe/XEhrfyfBLupcGg1BfUSK2VMZNdbDcZQ49jnp+h0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1/go.mod h1:zceowr5Z1Nh2WVP8bf/3ikB41IZW59E4yIYbg+pC6mw=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.5.1 h1:1ds3HkMQEBx9XvOkqsPuqBmNFn0w8XEDuB4LOi6KepU=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.5.1/go.mod h1:6EQZIwNNvHpq/2/QSJnp4+ECvqIy55w95Ofs0ze+nGQ=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.11.1 h1:HiXhafnqG0AkVJIZA/BHhFvuc/8xFdUO1uaeqF2Artc=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.11.1/go.mod h1:XLAGFrEjbvMCLvAtWLLP32yTv8GpBquCApZEycDLunI=
+github.com/aws/aws-sdk-go-v2/service/sso v1.3.1 h1:H2ZLWHUbbeYtghuqCY5s/7tbBM99PAwCioRJF8QvV/U=
+github.com/aws/aws-sdk-go-v2/service/sso v1.3.1/go.mod h1:J3A3RGUvuCZjvSuZEcOpHDnzZP/sKbhDWV2T1EOzFIM=
+github.com/aws/aws-sdk-go-v2/service/sts v1.6.0 h1:Y9r6mrzOyAYz4qKaluSH19zqH1236il/nGbsPKOUT0s=
+github.com/aws/aws-sdk-go-v2/service/sts v1.6.0/go.mod h1:q7o0j7d7HrJk/vr9uUt3BVRASvcU7gYZB9PUgPiByXg=
+github.com/aws/smithy-go v1.6.0 h1:T6puApfBcYiTIsaI+SYWqanjMt5pc3aoyyDrI+0YH54=
+github.com/aws/smithy-go v1.6.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4=
 github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
diff --git a/pkg/sigs3scann3r/format.go b/pkg/s3format/s3format.go
similarity index 76%
rename from pkg/sigs3scann3r/format.go
rename to pkg/s3format/s3format.go
index f00bf86..42eedc8 100644
--- a/pkg/sigs3scann3r/format.go
+++ b/pkg/s3format/s3format.go @@ -1,4 +1,4 @@ -package sigs3scann3r +package s3format import ( "regexp" @@ -12,13 +12,15 @@ const ( ) func Format(bucket, format string) string { + var ( + s3name, result string + ) + target := strings.Replace(bucket, "http://", "", 1) target = strings.Replace(target, "https://", "", 1) target = strings.Replace(target, "s3://", "s3:////", 1) target = strings.Replace(target, "//", "", 1) - var s3name string - if path, _ := regexp.MatchString(s3path, target); path { target = strings.Replace(target, "s3.amazonaws.com/", "", 1) target = strings.Split(target, "/")[0] @@ -35,8 +37,6 @@ func Format(bucket, format string) string { s3name = target } - var result string - switch format { case "path": result = "https://s3.amazonaws.com/" + s3name @@ -52,3 +52,23 @@ func Format(bucket, format string) string { return result } + +// ToPath +func ToPath(bucket string) string { + return Format(bucket, "path") +} + +// ToName +func ToName(bucket string) string { + return Format(bucket, "name") +} + +// ToURL +func ToURL(bucket string) string { + return Format(bucket, "url") +} + +// ToVHost +func ToVHost(bucket string) string { + return Format(bucket, "vhost") +} diff --git a/pkg/sigs3scann3r/sigs3scann3r.go b/pkg/sigs3scann3r/sigs3scann3r.go deleted file mode 100644 index e1bb16e..0000000 --- a/pkg/sigs3scann3r/sigs3scann3r.go +++ /dev/null 
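Review bot: Format does not validate `bucket`: after the prefix stripping shown in the second hunk, anything that matches neither pattern falls through to `s3name = target` (context of the next hunk), and main.go concatenates the result into `"http://" + s3format.ToVHost(bucket)`. Depending on how the `vhost` branch builds its string (not visible here), an input line containing characters such as `/`, `@` or `#` could make the scanner send its request to a host other than S3. Checking the extracted name against the S3 bucket naming rules before it is used, e.g. with a package-level `regexp.MustCompile("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")`, and returning an empty string on mismatch would close that off. The `path, _ := regexp.MatchString(s3path, target)` call also recompiles the pattern on every call and discards its error; a package-level `regexp.MustCompile(s3path)` avoids both. Format's body starts and ends outside this hunk.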
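Review bot: The doc comments on the four new exported helpers in the last hunk are placeholders (`// ToPath`, `// ToName`, `// ToURL`, `// ToVHost`) and say nothing about the returned form. From the visible `case "path"` branch, `// ToPath returns the path-style URL https://s3.amazonaws.com/<name> for bucket.` would be accurate; the other three should state their output the same way, which depends on Format branches outside this hunk. It would also help to note that each helper accepts any of the input styles the README lists (name, `s3://` URL, path style, virtual-hosted style), since callers pass raw input-list lines straight in.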
@@ -1,32 +0,0 @@
-package sigs3scann3r
-
-import (
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/session"
- "github.com/aws/aws-sdk-go/service/s3"
- "github.com/aws/aws-sdk-go/service/s3/s3iface"
- "github.com/aws/aws-sdk-go/service/s3/s3manager"
-)
-
-type sigs3scann3r struct {
- Service s3iface.S3API
- Downloader *s3manager.Downloader
-}
-
-func New(region string) (sigs3scann3r, error) {
- sigs3scann3r := sigs3scann3r{}
-
- // Initialize a session in us-west-2 that the SDK will use to load credentials
- // from the shared credentials file. (~/.aws/credentials).
- sess := session.Must(session.NewSession(&aws.Config{
- Region: aws.String(region),
- }))
-
- // Create S3 service client
- sigs3scann3r.Service = s3.New(sess)
-
- // Create S3 service client
- sigs3scann3r.Downloader = s3manager.NewDownloader(sess)
-
- return sigs3scann3r, nil
-}