sigs3scann3r is a tool to scan AWS S3 bucket permissions.
- Scans all bucket permissions to find misconfigurations
You can download the pre-built binary for your platform from this repository's releases page, extract it, then move it to a directory in your $PATH and you're ready to go.
sigs3scann3r requires go1.14+ to install successfully. Run the following command to get the repo:
GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r
Or clone the repository and build from source:
git clone https://github.com/signedsecurity/sigs3scann3r.git && \
cd sigs3scann3r/cmd/sigs3scann3r/ && \
go build . && \
mv sigs3scann3r /usr/local/bin/ && \
sigs3scann3r -h
NOTE: This tool requires awscli to be installed and configured.
To display the help message for sigs3scann3r, use the -h flag:
sigs3scann3r -h
_ _____ _____
___(_) __ _ ___|___ / ___ ___ __ _ _ __ _ __ |___ / _ __
/ __| |/ _` / __| |_ \/ __|/ __/ _` | '_ \| '_ \ |_ \| '__|
\__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | |
|___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.1.0
|___/
USAGE:
sigs3scann3r [OPTIONS]
OPTIONS:
-c, --concurrency number of concurrent threads (default: 10)
-d, --dump location to dump objects
-iL, --input-list buckets list (use `-iL -` to read from stdin)
-nC, --no-color no color mode (default: false)
-v, --verbose verbose mode
sigs3scann3r takes buckets in the format:
- Name - e.g.
flaws.cloud
- URL style - e.g.
s3://flaws.cloud
- Path style - e.g.
https://s3.amazonaws.com/flaws.cloud
- Virtual Hosted style - e.g.
flaws.cloud.s3.amazonaws.com
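The four input styles above all name the same bucket. The following added example (not sigs3scann3r's own code) shows one way to reduce each style to the bare bucket name, for instance to de-duplicate a bucket list before passing it to -iL. The function name normalizeBucket is hypothetical, and only the global s3.amazonaws.com endpoint shown above is handled.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const s3Host = "s3.amazonaws.com" // global endpoint used in the examples above

// normalizeBucket (hypothetical helper) maps any of the four styles to the bucket name.
func normalizeBucket(in string) (string, error) {
	in = strings.TrimSpace(in)
	name := in
	switch {
	case strings.HasPrefix(in, "s3://"): // URL style
		name = strings.TrimPrefix(in, "s3://")
	case strings.Contains(in, "://"): // http(s) URL: path or virtual hosted style
		u, err := url.Parse(in)
		if err != nil {
			return "", err
		}
		if u.Host == s3Host {
			name = strings.TrimPrefix(u.Path, "/") // path style: bucket is first path segment
		} else {
			name = u.Host // virtual hosted style: bucket is in the host
		}
	case strings.HasPrefix(in, s3Host+"/"): // path style without a scheme
		name = strings.TrimPrefix(in, s3Host+"/")
	}
	name = strings.TrimSuffix(name, "."+s3Host) // <bucket>.s3.amazonaws.com
	if i := strings.Index(name, "/"); i >= 0 {
		name = name[:i] // drop any object key after the bucket name
	}
	if len(name) < 3 || len(name) > 63 { // S3 bucket names are 3 to 63 characters
		return "", errors.New("not a valid bucket name: " + in)
	}
	return name, nil
}

func main() {
	samples := []string{"flaws.cloud", "s3://flaws.cloud",
		"https://s3.amazonaws.com/flaws.cloud", "flaws.cloud.s3.amazonaws.com"}
	for _, in := range samples {
		name, err := normalizeBucket(in)
		fmt.Println(in, "->", name, err)
	}
}
```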
Possible permissions for buckets:
- Read - List and view all files
- Write - Write files to bucket
- Read ACP - Read all Access Control Policies attached to bucket
- Write ACP - Write Access Control Policies to bucket
- Full Control - All above permissions
Issues and Pull Requests are welcome!