hueristiq/xs3scann3r

sigs3scann3r

sigs3scann3r is a tool to scan AWS S3 bucket permissions.

Features

  • Scans all bucket permissions to find misconfigurations

Installation

From Binary

You can download the pre-built binary for your platform from this repository's releases page, extract it, then move it to a directory on your $PATH and you're ready to go.

From Source

sigs3scann3r requires go1.14+ to install successfully. Run the following command to get the repo:

GO111MODULE=on go get -u -v github.com/signedsecurity/sigs3scann3r/cmd/sigs3scann3r

From GitHub

git clone https://github.com/signedsecurity/sigs3scann3r.git && \
cd sigs3scann3r/cmd/sigs3scann3r/ && \
go build . && \
mv sigs3scann3r /usr/local/bin/ && \
sigs3scann3r -h

Usage

NOTE: To use this tool, awscli must be installed and configured.

To display the help message for sigs3scann3r, use the -h flag:

sigs3scann3r -h
     _           _____                           _____
 ___(_) __ _ ___|___ / ___  ___ __ _ _ __  _ __ |___ / _ __
/ __| |/ _` / __| |_ \/ __|/ __/ _` | '_ \| '_ \  |_ \| '__|
\__ \ | (_| \__ \___) \__ \ (_| (_| | | | | | | |___) | |
|___/_|\__, |___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v1.1.0
       |___/

USAGE:
  sigs3scann3r [OPTIONS]

OPTIONS:
   -c, --concurrency  number of concurrent threads (default: 10)
   -d, --dump         location to dump objects
  -iL, --input-list   buckets list (use `-iL -` to read from stdin)
  -nC, --no-color     no color mode (default: false)
   -v, --verbose      verbose mode

sigs3scann3r accepts buckets in any of the following formats:

  • Name - e.g. flaws.cloud
  • URL style - e.g. s3://flaws.cloud
  • Path style - e.g. https://s3.amazonaws.com/flaws.cloud
  • Virtual Hosted style - e.g. flaws.cloud.s3.amazonaws.com
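As an added illustration (not sigs3scann3r's own code), the following Go function shows how the four input styles above can be normalised to a bare bucket name before a scanner looks up its ACL. It also handles regional endpoints (s3-eu-west-1.amazonaws.com, bucket.s3.us-west-2.amazonaws.com) and trailing object keys, which the README does not list; the function name ParseBucket is an assumption.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ParseBucket normalises a plain name, an s3:// URL, a path-style URL or a
// virtual-hosted hostname to a bare bucket name (hypothetical helper).
func ParseBucket(input string) (string, error) {
	s := strings.TrimSpace(input)
	if s == "" {
		return "", fmt.Errorf("empty bucket identifier")
	}
	// Plain name: no scheme, no path, and not an amazonaws.com host.
	if !strings.Contains(s, "/") && !strings.HasSuffix(strings.ToLower(s), ".amazonaws.com") {
		return s, nil
	}
	// Scheme-less virtual-hosted names need a scheme for url.Parse to yield a host.
	if !strings.Contains(s, "://") {
		s = "https://" + s
	}
	u, err := url.Parse(s)
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("cannot parse bucket identifier %q", input)
	}
	host := strings.ToLower(u.Hostname()) // bucket names are DNS-compliant, so lowercase is safe
	if u.Scheme == "s3" {
		return host, nil // URL style: s3://bucket[/key]
	}
	if !strings.HasSuffix(host, ".amazonaws.com") {
		return "", fmt.Errorf("%q is not an S3 endpoint", input)
	}
	if strings.HasPrefix(host, "s3.") || strings.HasPrefix(host, "s3-") {
		// Path style: https://s3[.region].amazonaws.com/bucket[/key]
		bucket := strings.SplitN(strings.Trim(u.Path, "/"), "/", 2)[0]
		if bucket == "" {
			return "", fmt.Errorf("path-style URL %q has no bucket segment", input)
		}
		return bucket, nil
	}
	// Virtual-hosted style: bucket.s3[.region].amazonaws.com
	if i := strings.LastIndex(host, ".s3"); i > 0 {
		return host[:i], nil
	}
	return "", fmt.Errorf("cannot extract bucket from %q", input)
}

func main() {
	for _, in := range []string{"flaws.cloud", "s3://flaws.cloud", "https://s3.amazonaws.com/flaws.cloud", "flaws.cloud.s3.amazonaws.com"} {
		b, err := ParseBucket(in)
		fmt.Println(in, "->", b, err)
	}
}
```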

Interpreting Results

Possible permissions for buckets:

  • Read - List and view all files
  • Write - Write files to bucket
  • Read ACP - Read all Access Control Policies attached to bucket
  • Write ACP - Write Access Control Policies to bucket
  • Full Control - All above permissions

Contribution

Issues and Pull Requests are welcome!