SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
SSS3
Simple Storage Scanner
Basic Requirements
- It requires aws cli installed and configured with a s3 policy defined
- You should have a list of previous enumerated domains/subdomains
Features
- Iterates a list of domains/subdomains
- Tests if a domain/subdomain respond to a bucket and if its permissions for listing are enabled
- Export the result of listing of buckets found
Installation
Clone the repository, give +x to script and be happy SSS3 requires AWS CLI to run.
$ git clone https://github.com/halencarjunior/sss3.git
$ chmod +x sss3.sh
$ ./ss3.sh domain.txt -o output.txt
Usage example
You could start enumerating a domain using Amass
$ amass enum -d example.com -o domains-example-com.txt
$ ./sss3.sh domains-example-com.txt -o output-example-com.txt
Development
Want to contribute? Great! Please send your PR for us and we’ll be greateful for your help.
References
I am grateful for some articles that motivated me to creat that tool
Sidechannel Article by Rodrigo Montoro
Rhynosec Article for Pentesting S3
Thanks for using and help to share please
Free Software, Hell Yeah!