Pular para o conteúdo principal

Compartilhe

Professor especialista, autor reconhecido pela experiência na prática de investigação de crimes cibernéticos

https://pay.kiwify.com.br/2s1jYvk?afid=ueA911xk Alterar país Nome E-mail Confirmar e-mail CPF/CNPJ Telefone +55 ▼ Tem um cupom de desconto? Cartão Boleto Pix Número do cartão   01 02 03 04 05 06 07 08 09 10 11 12 Mês   2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 Ano Cód. segurança   12x de R$ 21,41 11x de R$ 22,98 10x de R$ 24,88 9x de R$ 27,20 8x de R$ 30,10 7x de R$ 33,84 6x de R$ 38,84 5x de R$ 45,83 4x de R$ 56,34 3x de R$ 73,87 2x de R$ 108,95 R$ 207,00 Parcelas Salvar dados para as próximas compras Protegemos seus dados de pagamento com criptografia para garantir segurança bancária. Pagar agora Ao clicar em 'Pagar agora', eu declaro que (i) estou ciente que a Kiwify está processando essa compra em nome de  54.609.184 ANDREIA ADRIANA LESSENKO DE OLIVEIRA  e que não possui responsabilidade pelo conteúdo, oferta, e nem faz controle prévio do infoproduto; (ii) que li e c...
Postar um comentário
Leia mais
Marcadores

Slurp - S3 Bucket Enumerator


    | POST SPONSORED BY FARADAYSEC | MULTIUSER PENTEST ENVIRONMENT
      


Blackbox/whitebox S3 bucket enumerator

Overview
  • Credit to all the vendor packages that made this tool possible.
  • This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets.

Features
  • Scan via domain(s); you can target a single domain or a list of domains
  • Scan via keyword(s); you can target a single keyword or a list of keywords
  • Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed
  • Colorized output for visual grep
  • Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
  • Punycode support for internationalized domains
  • Strong copyleft license (GPLv3)

Modes
There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)
In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual aws account! Do not open issues asking how to do this.

Domain


Keywords


Whitebox (internal)
In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that, I will not provide support on how to use the AWS API. Your credentialsshould be in ~/.aws/credentials.

internal


Usage
  • slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.
  • slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.
  • slurp internal performs an internal scan using the AWS API.

Installation
This project uses vgo; you can clone and go build or download from Releases section. Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, if you cannot build then I strongly suggest you read the go spec.
Also, the only binaries I'm including are linux/amd64; if you want mac/windows binaries, build it yourself.


Enviar esta postagem
Marcadores:

Comentários

Postar um comentário

Como usar um Agente OSINT IA

Pericia Digital

Ebook

Postagens mais visitadas