AWS S3 Security Scanning Tool | AWSBucketDump
AWS
AWS launched in 2006 from the internal infrastructure that Amazon.com built to handle its online retail operations. AWS was one of the first companies to introduce a pay-as-you-go cloud computing model that scales to provide users with compute, storage or throughput as needed.
Amazon Web Services provides services from dozens of data centers spread across availability zones (AZs) in regions across the world. An AZ represents a location that typically contains multiple physical data centers, while a region is a collection of AZs in geographic proximity connected by low-latency network links. An AWS customer can spin up virtual machines (VMs) and replicate data in different AZs to achieve a highly reliable infrastructure that is resistant to failures of individual servers or an entire data center.
AWSBucketDump
AWSBucketDump is an AWS S3 Security Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It’s similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you’re not afraid to quickly fill up your hard drive.
This is a tool that enumerates Amazon S3 buckets and looks for interesting files.
How To Fix AWS
AWS Simple Storage Service (often shortened to S3) is used by companies that don’t want to build and maintain their own storage repositories. By using Amazon Simple Storage Service, they can store objects and files on a virtual server instead of on physical racks – in simple terms, the service is basically “a Dropbox for IT and tech teams”. After creating a bucket, users can start storing their source code, certificates, passwords, content, databases and other data. While AWS promises safely stored data and secure uploads and downloads, the security community has long pointed out severe misconfigurations.
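The following added example, which is not part of AWSBucketDump or the original post, audits a bucket's own configuration for the misconfiguration described above: ACL grants or policy statements that let anyone list or read the bucket. It assumes the inputs have the shape AWS returns for a bucket ACL (a dict with Grants), a bucket policy (a JSON string) and a public access block configuration; the function name audit_bucket and the sample values are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Grantee URIs that make an ACL grant public (anyone / any AWS account).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Actions that allow listing a bucket or reading its objects (lowercased).
EXPOSING_ACTIONS = ("s3:listbucket", "s3:getobject")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_bucket(acl, policy_json=None, public_access_block=None):
    """Return findings for public list/read exposure of one bucket (hypothetical helper)."""
    pab = public_access_block or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):  # when set, S3 ignores public ACL grants
        for grant in acl.get("Grants", []):
            who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
            if who and grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append(f"ACL grants {grant['Permission']} to {who}")
    if policy_json and not pab.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if stmt.get("Effect") != "Allow" or "Condition" in stmt:
                continue  # conditional statements are skipped here and need manual review
            if not _is_wildcard_principal(stmt.get("Principal")):
                continue
            for pattern in _as_list(stmt.get("Action", [])):
                hits = [a for a in EXPOSING_ACTIONS if fnmatchcase(a, pattern.lower())]
                if hits:
                    findings.append(f"Policy allows {pattern} to Principal *")
    return findings

# Constructed sample inputs (not taken from any real bucket).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:Get*", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}})
```

Calling audit_bucket(SAMPLE_ACL, SAMPLE_POLICY) reports both the public ACL grant and the wildcard-principal policy statement; account-level public access block settings are not modelled.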
AWSBucketDump S3 Security Tool Requirements :
Non-Standard Python Libraries:
- xmltodict
- requests
- argparse
Created with Python 3.6
Usage:
usage: AWSBucketDump.py [-h] [-D] [-t THREADS] -l HOSTLIST [-g GREPWORDS] [-m MAXSIZE]
optional arguments:
  -h, --help    show this help message and exit
  -D            Download files. This requires significant diskspace
  -d            If set to 1 or True, create directories for each host w/ results
  -t THREADS    number of threads
  -l HOSTLIST
  -g GREPWORDS  Provide a wordlist to grep for
  -m MAXSIZE    Maximum file size to download.
python AWSBucketDump.py -l BucketNames.txt -g interesting_Keywords.txt -D -m 500000 -d 1