This tool is based in S3Cruze tool of @JR0ch17. Translated from python2 to python3, remove the feature of bruteforce. The other feature still remains and upgraded. You can check a single domain or a subdomain list from your recon results. This tool will get the CNAME first if it's a valid Amazon s3 bucket and if it's not, it will try to check if the domain is a bucket name. You can also try both in single domain option (but not available with subdomain list option).
$ git clone https://github.com/0xspade/s3cario.git
$ cd s3cario
$ pip3 install -r requirements.txt
OR
$ git clone https://github.com/0xspade/s3cario.git
$ cd s3cario
$ python3 -m pip install -r requirements.txt
AWS-CLI
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]:
Default output format [None]:
Single domain/subdomain
python3 s3cario.py -d test.example.com -t -u -r --all
Subdomain list
python3 s3cario.py -dL subdomain_list.txt -s -u -r --all
pipe it from another tools
subfinder -d example.com -nW -silent | python3 s3cario.py --pipe -t -u -r --all
$ python3 s3cario.py -h
███████╗██████╗ ██████╗ █████╗ ██████╗ ██╗ ██████╗
██╔════╝╚════██╗██╔════╝██╔══██╗██╔══██╗██║██╔═══██╗
███████╗ █████╔╝██║ ███████║██████╔╝██║██║ ██║
╚════██║ ╚═══██╗██║ ██╔══██║██╔══██╗██║██║ ██║
███████║██████╔╝╚██████╗██║ ██║██║ ██║██║╚██████╔╝
╚══════╝╚═════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═════╝ v0.2
@0xspade
usage: s3cario.py [-h] [-d [DOMAIN]] [-dL [DOMAINLIST]] [--pipe] [-t] [-s] [-v] [-u] [-r] [-a] [-p] [-c] [-rP] [-w] [-l] [--all]
optional arguments:
-h, --help show this help message and exit
-d [DOMAIN], --domain [DOMAIN]
Target Domain or Subdomain
-dL [DOMAINLIST], --domainList [DOMAINLIST]
Target Domain/Subdomain list
--pipe Read domains in pipe
-t, --test Test the domain also
-s, --silent No Errors
-v, --view List files bucket
-u, --upload Upload to bucket
-r, --remove Delete file after upload
-a, --acl View ACL configuration
-p, --policy View bucket policy
-c, --cors View CORS configuration
-rP, --replication View replication configuration
-w, --website View website configuration
-l, --location View bucket location
--all View ALL configuration
This tool is for bug bounty or gray box penetration testing only. Be responsible with your action using my tool. I'm not responsible for the others action who misuse my tool.
My code is look like a copy paste and a shitty "if and else" code. But as long as it's working, I guess it's a good to go tool :)
Feel free to translate it to golang.
Free $100 in DigitalOcean, just click the link below :D