aws-s3-data-finder
Find suspicious files (e.g. data backups, PII, credentials) across a large set of AWS S3 buckets and write the first 200k keys (by default) of listable buckets to a .json or .xml file (in buckets/) via AWS CLI or unauthenticated via HTTP requests.
Details
Category: Discovery
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/aws-s3-data-finder:244701a
Source URL: https://github.com/Ucnt/aws-s3-data-finder
Parameters
verbose
boolean
Command:
-v
- Print verbose (Critical and errors)endpoint
string
Command:
--endpoint
- Endpoint to use if doing an unauth scan. Auth scan will use region in awsclinum-keys
string
Command:
-nk
- Number of keys to get per buckettest-mdoe
boolean
Command:
--test
- Test mode to just print the bucket names being runcharacters
string
Command:
--characters
- Characters to run via random/bruteforce, e.g. abcdefg..bucket-name
string
Command:
-n
- Name to runstart-after
string
Command:
-sa
- For all_chars, start after this stringbuckets-list
file
requiredCommand:
-nl
- List of names to runvery-verbose
boolean
Command:
-vv
- Print very verbose (critical, errors, and warnings)run-all-chars
boolean
Command:
-ac
- Run all charsprefix-postfix
string
Command:
-pp
- Run with prefixes and/or postfixes - options: prefix, postfix, bothunauthenticated
boolean
Command:
--unauthenticated
- Run the search unauthenticated, via web requestignore-redirects
boolean
Command:
--no_follow_redirect
- Don't follow redirectsrerun-previously
boolean
Command:
--rerun
- Rerun previously searched bucketsrun-random-chars
boolean
Command:
-rc
- Run random charsbucket-name-length
string
Command:
-nc
- Length of bucket nameprint-bucket-names
boolean
Command:
-p
- Print buket names as you gorealert-previously
boolean
Command:
--realert
- Realert previously alerted suspicious files