aws-s3-data-finder
Find suspicious files (e.g. data backups, PII, credentials) across a large set of AWS S3 buckets and write the first 200k keys (by default) of listable buckets to a .json or .xml file (in buckets/) via AWS CLI or unauthenticated via HTTP requests.
Details
Category: Discovery
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/aws-s3-data-finder:244701a
Source URL: https://github.com/Ucnt/aws-s3-data-finder
Parameters
verbose
boolean
Command:
-v - Print verbose (Critical and errors)endpoint
string
Command:
--endpoint - Endpoint to use if doing an unauth scan. Auth scan will use region in awsclinum-keys
string
Command:
-nk - Number of keys to get per buckettest-mdoe
boolean
Command:
--test - Test mode to just print the bucket names being runcharacters
string
Command:
--characters - Characters to run via random/bruteforce, e.g. abcdefg..bucket-name
string
Command:
-n - Name to runstart-after
string
Command:
-sa - For all_chars, start after this stringbuckets-list
file
requiredCommand:
-nl - List of names to runvery-verbose
boolean
Command:
-vv - Print very verbose (critical, errors, and warnings)run-all-chars
boolean
Command:
-ac - Run all charsprefix-postfix
string
Command:
-pp - Run with prefixes and/or postfixes - options: prefix, postfix, bothunauthenticated
boolean
Command:
--unauthenticated - Run the search unauthenticated, via web requestignore-redirects
boolean
Command:
--no_follow_redirect - Don't follow redirectsrerun-previously
boolean
Command:
--rerun - Rerun previously searched bucketsrun-random-chars
boolean
Command:
-rc - Run random charsbucket-name-length
string
Command:
-nc - Length of bucket nameprint-bucket-names
boolean
Command:
-p - Print buket names as you gorealert-previously
boolean
Command:
--realert - Realert previously alerted suspicious files