{ "info": { "author": "Travis Clarke", "author_email": "travis.m.clarke@gmail.com", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7" ], "description": "# [s3recon](https://s3recon.readthedocs.io/en/latest/)\n\n[![PyPi release](https://img.shields.io/pypi/v/s3recon.svg)](https://pypi.org/project/s3recon/)\n[![PyPi versions](https://img.shields.io/pypi/pyversions/s3recon.svg)](https://pypi.org/project/s3recon/)\n[![Downloads](https://pepy.tech/badge/s3recon)](https://pepy.tech/project/s3recon)\n[![Documentation Status](https://readthedocs.org/projects/s3recon/badge/?version=latest)](https://s3recon.readthedocs.io/en/latest/?badge=latest)\n\nAmazon S3 bucket finder and crawler.\n\n
\n\n

\n\n\n[Check out the s3recon docs](https://s3recon.readthedocs.io/en/latest/)\n\n## Installation\n\n```bash\n$ pip install s3recon\n```\n\n## Usage\n```text\n\nusage: s3recon [-h] [-o file] [-t seconds] word_list [word_list ...]\n\npositional arguments:\n word_list read words from one or more files\n\noptional arguments:\n -h, --help show this help message and exit\n -o file, --output file write output to \n -d, --db write output to database\n -p, --public only include 'public' buckets in the output\n -t seconds, --timeout seconds http request timeout in (default: 30)\n -v, --version show program's version number and exit\n\n```\n\n## Example 1: Output to a json file\n\n#### 1. Download a word-list. \nThe [SecLists](https://github.com/clarketm/s3recon/edit/master/README.md) repository has a multitude of word-lists to choose from. For this example, let's download the sample word-list included in this repository.\n\n```bash\n$ curl -sSfL -o \"word-list.txt\" \"https://raw.githubusercontent.com/clarketm/s3recon/master/data/words.txt\"\n```\n\n#### 2. Run `s3recon`. \nExecute `s3recon` using the `word-list.txt` file and output the `public` S3 buckets to a json file named `results.json`.\n\n```bash\n$ s3recon \"word-list.txt\" -o \"results.json\" --public\n\n- PRIVATE https://s3.sa-east-1.amazonaws.com/test-lyft\n- PRIVATE https://s3.ap-south-1.amazonaws.com/test.amazon\n+ PUBLIC https://walmart-dev.s3.us-east-1.amazonaws.com\n- PRIVATE https://s3.ap-southeast-1.amazonaws.com/apple-prod\n- PRIVATE https://walmart.s3.ap-southeast-1.amazonaws.com\n...\n```\n\n#### 3. Inspect the results. \nCheck the `results.json` output file to view the S3 buckets you have discovered!\n\n```bash\n$ cat \"results.json\"\n```\n\n```json\n{\n \"public\": {\n \"total\": 12,\n \"hits\": [\n \"https://walmart-dev.s3.us-east-1.amazonaws.com\",\n \"https://apple-production.s3.ap-southeast-1.amazonaws.com\",\n ...\n ]\n }\n}\n```\n\n> **Note:** to include `private` buckets in the results omit the `-p, --public` flag from the command.\n\n#### 4. Crawl the results.\nEnumerate the static files located in each bucket and record the findings.\n> Coming soon!\n\n\n## Example 2: Output to a MongoDB database\n\n#### 1. Download a word-list. \nThe [SecLists](https://github.com/clarketm/s3recon/edit/master/README.md) repository has a multitude of word-lists to choose from. For this example, let's download the sample word-list included in this repository.\n\n```bash\n$ curl -sSfL -o \"word-list.txt\" \"https://raw.githubusercontent.com/clarketm/s3recon/master/data/words.txt\"\n```\n\n#### 2. Start an instance of MongoDB\n```text\n$ docker run --name \"mongo\" -p 27017:27017 -v \"mongodb_data:/data/db\" -v \"mongodb_config:/data/configdb\" -d mongo\n```\n\n#### 3. Run `s3recon`. \nExecute `s3recon` using the `word-list.txt` file and output to MongoDB instance.\n\n```bash\n$ s3recon \"word-list.txt\" --db\n\n- PRIVATE https://s3.sa-east-1.amazonaws.com/test-lyft\n- PRIVATE https://s3.ap-south-1.amazonaws.com/test.amazon\n+ PUBLIC https://walmart-dev.s3.us-east-1.amazonaws.com\n- PRIVATE https://s3.ap-southeast-1.amazonaws.com/apple-prod\n- PRIVATE https://walmart.s3.ap-southeast-1.amazonaws.com\n...\n```\n\n#### 3. Inspect the results. \nCheck the MongoDB database: `s3recon` collection: `hits` to view the S3 buckets you have discovered!\n\n```bash\n$ mongo \"s3recon\" --quiet --eval 'db.hits.find({}, {\"url\": 1, \"access\": 1, \"_id\": 0}).limit(5)'\n```\n\n```json\n{ \"url\" : \"https://s3.us-east-2.amazonaws.com/apple\", \"access\" : \"private\" }\n{ \"url\" : \"https://s3.us-west-1.amazonaws.com/microsoft-dev\", \"access\" : \"private\" }\n{ \"url\" : \"https://s3.us-west-1.amazonaws.com/dev-microsoft\", \"access\" : \"private\" }\n{ \"url\" : \"https://s3.us-east-2.amazonaws.com/amazon\", \"access\" : \"private\" }\n{ \"url\" : \"https://s3.us-east-1.amazonaws.com/dev-amazon\", \"access\" : \"private\" }\n```\n\n#### 4. Crawl the results.\nEnumerate the static files located in each bucket and record the findings.\n> Coming soon!\n\n\n## FAQ\n#### Q: How do I configure this utility?\n#### A: \n`s3recon` can be configure using a yaml configuration file located in either the current working directory (e.g. `./s3recon.yml`) or your home diretory (e.g. `~/s3recon.yml`).\n\nThe following is the list of configurable values:\n```yaml\n# s3recon.yml\n\ndatabase: { host: \"0.0.0.0\", ... }\n\nseparators: [\"-\", \"_\", \".\"]\n\nenvironments: [\"\", \"backup\", \"backups\", ...]\n\nregions: [\"ap-northeast-1\", \"ap-northeast-2\", ...]\n```\n\n> To see the full list of configurable values (and their **defaults**) please refer to the [s3recon.yml](https://github.com/clarketm/s3recon/blob/master/s3recon/s3recon.yml) file in this repository. \n\n\n#### Q: How do I customize the AWS regions used in the recon?\n#### A: \nThe AWS *regions* can be altered by setting the `regions` array in your `s3recon.yml` configuration file. \n```yaml\n# s3recon.yml\n\nregions: [ \"us-west-2\", ...]\n```\n\n\n#### Q: How do I customize the environment values used in the recon?\n#### A: \nThe *environments* are modifiers permuted with each item of the *word-list* (and the *separator*) to construct the bucket value in request.\nThe value can be altered by setting the `environments` array in your `s3recon.yml` configuration file.\n\nFor example, to only search lines from the word-list *verbatim* (i.e. without modification) you can set this value to an empty array. \n```yaml\n# s3recon.yml\n\nenvironments: []\n```\n\n#### Q: How do I customize the MongoDB host and port?\n#### A: \nThe database *host* and *port* can be configured by altering the `database` map in your `s3recon.yml` configuration file.\n\nFor example, `host` and `port` can be set directly inside the `database` map\n```yaml\n# s3recon.yml\n\ndatabase: {\n host: \"0.0.0.0\",\n port: 27017\n}\n```\n\n#### Q: How do I use a database other than MongoDB?\n#### A: \nSorry, at the moment only MongoDB is supported.\n\n## Going Forward\n\n- [ ] Create `crawl` command to crawl public/private buckets found in `find` stage.\n- [ ] Separate out `find` and `crawl` as subcommands.\n- [x] Store discovered buckets in a NoSQL database.\n\n## Disclaimer\nThis tools is distributed for educational and security purposes. I take no responsibility and assume no liability for the manner in which this tool is used.\n\n## License\n\nMIT © [**Travis Clarke**](https://blog.travismclarke.com/)\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/clarketm/s3recon", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "s3recon", "package_url": "https://pypi.org/project/s3recon/", "platform": "", "project_url": "https://pypi.org/project/s3recon/", "project_urls": { "Homepage": "https://github.com/clarketm/s3recon" }, "release_url": "https://pypi.org/project/s3recon/1.2.2/", "requires_dist": [ "mergedeep (>=1.0)" ], "requires_python": ">=3.6", "summary": "Amazon S3 bucket finder.", "version": "1.2.2" }, "last_serial": 5586596, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "f3acb5f687349be9df410d9508486f83", "sha256": "89c564cbd68247aa8453133e34fdfe8523d7c464a0e7694657af76860f64d0bd" }, "downloads": -1, "filename": "s3recon-1.0.0-py3-none-any.whl", "has_sig": false, "md5_digest": "f3acb5f687349be9df410d9508486f83", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 5797, "upload_time": "2019-02-04T06:23:57", "url": "https://files.pythonhosted.org/packages/41/ae/8d33daf144981633d99a273cd0938ad42ba7b9b4ad251f42cfba125b89f5/s3recon-1.0.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6011fd50cd94084326c744259bcd22b9", "sha256": "f7e6c98f32163c6cc9fa4891229aa6b32c11fef3b5b5ea1f2483db35cab18359" }, "downloads": -1, "filename": "s3recon-1.0.0.tar.gz", "has_sig": false, "md5_digest": "6011fd50cd94084326c744259bcd22b9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4910, "upload_time": "2019-02-04T06:23:58", "url": "https://files.pythonhosted.org/packages/f3/d4/215358b9a223b8c5a0f768405aff0c964576a2e5fc20bf8d9d28d4bb0b91/s3recon-1.0.0.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "e4d2babe1d79f566dda8093640e5f979", "sha256": "e07a568497eacfc8d631e4fd7d9d5099ccfc409dc9b8ecefe54a737733a7312b" }, "downloads": -1, "filename": "s3recon-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "e4d2babe1d79f566dda8093640e5f979", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7147, "upload_time": "2019-02-09T10:49:12", "url": "https://files.pythonhosted.org/packages/93/0b/3b357fbf91892a1e7e2a2dcfc6e1a37f683675a2fc8875fc62efcd7d78bf/s3recon-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0f9a8d27b276573f125d1f196c525e82", "sha256": "f1c2a40cac76dbab0d3f351373ab65eeb64b022d33f22a9702e741c98c54fa18" }, "downloads": -1, "filename": "s3recon-1.1.0.tar.gz", "has_sig": false, "md5_digest": "0f9a8d27b276573f125d1f196c525e82", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6475, "upload_time": "2019-02-09T10:49:13", "url": "https://files.pythonhosted.org/packages/46/b4/bd1f4c7312ca217955dcf99978be6da9814d829c05aadcc0be92598b8a4f/s3recon-1.1.0.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "4045f625ff4fe12737a9b247fdd5df79", "sha256": "862e98b11df4b7eb250d9b49b6a60e20a68d46a9ff6c6b16f04d453bed3d51ae" }, "downloads": -1, "filename": "s3recon-1.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "4045f625ff4fe12737a9b247fdd5df79", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7110, "upload_time": "2019-02-09T10:59:53", "url": "https://files.pythonhosted.org/packages/57/b7/cd3ad63f8748e8ea2466a46c264c51219a10b8bcf4a8f453bd0452ce2c8d/s3recon-1.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d9e2f7b198eebeda76bec049b1a17c58", "sha256": "808c194c9f3996af6fce45bc27e43d112988a044048f805bfafe52dadfd53e4c" }, "downloads": -1, "filename": "s3recon-1.1.1.tar.gz", "has_sig": false, "md5_digest": "d9e2f7b198eebeda76bec049b1a17c58", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6418, "upload_time": "2019-02-09T10:59:55", "url": "https://files.pythonhosted.org/packages/a5/1f/e7e7e079f7cdcff631610d2cc1eec857a2662cf7f1c01a68dc8b83077cb4/s3recon-1.1.1.tar.gz" } ], "1.1.2": [ { "comment_text": "", "digests": { "md5": "9bb8577aefb2b8cfda706de0b647b5ee", "sha256": "77ff33132d0283ad7842df948457a63eb8bfb04ab41c0260138ad101c388f929" }, "downloads": -1, "filename": "s3recon-1.1.2-py3-none-any.whl", "has_sig": false, "md5_digest": "9bb8577aefb2b8cfda706de0b647b5ee", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7218, "upload_time": "2019-02-09T11:34:22", "url": "https://files.pythonhosted.org/packages/9d/aa/d1a9a1d379161a054f55ef00a19fb033d6acd68708e83d397b84e15bb76c/s3recon-1.1.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f5f1824154cecb16580bdd994ed32ae5", "sha256": "eb24a39afbdb88d048622f2b724918ccc6898aa78e0c7e8f9cb3a05c8e2e697f" }, "downloads": -1, "filename": "s3recon-1.1.2.tar.gz", "has_sig": false, "md5_digest": "f5f1824154cecb16580bdd994ed32ae5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6545, "upload_time": "2019-02-09T11:34:23", "url": "https://files.pythonhosted.org/packages/9c/d4/d762d5b5ece8b91de38a26ef63bc90237cd4c4fd0c48d5f9bcdd89b7fbd1/s3recon-1.1.2.tar.gz" } ], "1.1.3": [ { "comment_text": "", "digests": { "md5": "e831b10b0631118f28553bf7041c708f", "sha256": "6ce3c9825bdb4e1cf3ae839b40e08036494103071610ec70f53c57afa983fc13" }, "downloads": -1, "filename": "s3recon-1.1.3-py3-none-any.whl", "has_sig": false, "md5_digest": "e831b10b0631118f28553bf7041c708f", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 7245, "upload_time": "2019-02-11T03:36:56", "url": "https://files.pythonhosted.org/packages/68/ef/0786fcffc17ede8ddac2208530bd6fbf4f362ad10b9fcba88c22ed90e264/s3recon-1.1.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d4b6870d762e8b94986fc058f4815cc5", "sha256": "b734466c37e3a35022012159369d924a665c3a86faceee8585137aa813de0108" }, "downloads": -1, "filename": "s3recon-1.1.3.tar.gz", "has_sig": false, "md5_digest": "d4b6870d762e8b94986fc058f4815cc5", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 6629, "upload_time": "2019-02-11T03:36:57", "url": "https://files.pythonhosted.org/packages/9e/8c/fd7ba825b87df2d785ec588df5a98baecac31e90f79f650540c11b1e9fec/s3recon-1.1.3.tar.gz" } ], "1.2.1": [ { "comment_text": "", "digests": { "md5": "18930ec5f7b64992be2837137c80368b", "sha256": "00b5062f18618dc46e7a8165f1d4308b03647bff6ea1075feed182a8278380c2" }, "downloads": -1, "filename": "s3recon-1.2.1-py3-none-any.whl", "has_sig": false, "md5_digest": "18930ec5f7b64992be2837137c80368b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 9165, "upload_time": "2019-02-12T05:05:46", "url": "https://files.pythonhosted.org/packages/e7/ac/2848a6296d11b545b6f045b8a3406d3b37e3c33aca00dae457520c548d01/s3recon-1.2.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f8cf03c8ce526ded26cb23559c3cff12", "sha256": "f13fb3f0277503153947bc51189970edf2b4cee5fcb5a032d7f82212e6bc16b0" }, "downloads": -1, "filename": "s3recon-1.2.1.tar.gz", "has_sig": false, "md5_digest": "f8cf03c8ce526ded26cb23559c3cff12", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 9117, "upload_time": "2019-02-12T05:05:47", "url": "https://files.pythonhosted.org/packages/ad/dc/42b37f435c0bf1fa989b6a6c761ea8d857273e0c9c03e4675e1de5dd65ba/s3recon-1.2.1.tar.gz" } ], "1.2.2": [ { "comment_text": "", "digests": { "md5": "d10ee3400dd5c9202d4cb6708ab27297", "sha256": "f6d0d9f66cfef0a0dd4df650b8aafadbc21bfae5109356bfe9fce52846f725c6" }, "downloads": -1, "filename": "s3recon-1.2.2-py3-none-any.whl", "has_sig": false, "md5_digest": "d10ee3400dd5c9202d4cb6708ab27297", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 9197, "upload_time": "2019-07-26T03:04:35", "url": "https://files.pythonhosted.org/packages/51/4a/682c5413d7f144091b03cdddc8d6795f4b17590e502b94c0cac7ace896d1/s3recon-1.2.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ee48c756dc3b802790862e8d594974d9", "sha256": "77bceff14454d98074804af3eab399626c41c63ff189959ce618e75db61b3380" }, "downloads": -1, "filename": "s3recon-1.2.2.tar.gz", "has_sig": false, "md5_digest": "ee48c756dc3b802790862e8d594974d9", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 9087, "upload_time": "2019-07-26T03:04:36", "url": "https://files.pythonhosted.org/packages/ad/24/2d2eaf664cd6e814037ed6023f7b1e460cd5ffd18fdc45388dc3dc5b35d3/s3recon-1.2.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d10ee3400dd5c9202d4cb6708ab27297", "sha256": "f6d0d9f66cfef0a0dd4df650b8aafadbc21bfae5109356bfe9fce52846f725c6" }, "downloads": -1, "filename": "s3recon-1.2.2-py3-none-any.whl", "has_sig": false, "md5_digest": "d10ee3400dd5c9202d4cb6708ab27297", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 9197, "upload_time": "2019-07-26T03:04:35", "url": "https://files.pythonhosted.org/packages/51/4a/682c5413d7f144091b03cdddc8d6795f4b17590e502b94c0cac7ace896d1/s3recon-1.2.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ee48c756dc3b802790862e8d594974d9", "sha256": "77bceff14454d98074804af3eab399626c41c63ff189959ce618e75db61b3380" }, "downloads": -1, "filename": "s3recon-1.2.2.tar.gz", "has_sig": false, "md5_digest": "ee48c756dc3b802790862e8d594974d9", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 9087, "upload_time": "2019-07-26T03:04:36", "url": "https://files.pythonhosted.org/packages/ad/24/2d2eaf664cd6e814037ed6023f7b1e460cd5ffd18fdc45388dc3dc5b35d3/s3recon-1.2.2.tar.gz" } ] }