Skip to content

Latest commit

 

History

History
72 lines (55 loc) · 2.37 KB

README.md

File metadata and controls

72 lines (55 loc) · 2.37 KB

S3Khoj

S3Khoj, is a robust tool designed for pentesters to extract juicy information from the public accessible S3 buckets. "Khoj", a Nepali word meaning search or explore, perfectly encapsulates the tool's functionality for searching sensitive files within them.

Blog about S3Khoj.

Installation

Manual

git clone https://github.com/ajutamangdev/S3Khoj
cd S3Khoj
make build
./S3Khoj -h

Ensure you have installed go in your machine for the build process.

Build S3khoj uusing Docker locally

docker build -t S3Khoj .

Pull S3khoj docker image using DockerHub

docker pull ajutamangdev/s3khoj 

You can also download the binary from https://github.com/ajutamangdev/S3Khoj/releases and installed on your machine.

Usage

You can check with the help flag by executing the given command.

> S3Khoj -h
S3Khoj is a inspector tool that help pentesters to extract juicy information from the public accessible S3 buckets.

Usage:
  S3Khoj [flags]

Flags:
  -b, --bucket string   Name of the s3 bucket to check
  -d, --download        Download all public files
  -h, --help            help for S3Khoj
  -o, --output string   Output format: text, json, csv, or html (default "text")
  -w, --source string   Custom Wordlist configuration file

Example

S3Khoj -b name-of-the-bucket

If you are running from Docker, you have to mount the volumes.

docker run -v $(pwd):/app -w /app s3 -b bucket-name -o html

For Custom regex configuration

S3Khoj -b name-of-the-bucket -w custom-config.txt

License

S3khoj is distributed under MIT License