├── regions.txt
├── sss3.sh
└── README.MD

/regions.txt:
--------------------------------------------------------------------------------
us-east-1
us-east-2
us-west-1
us-west-2
af-south-1
ap-east-1
ap-south-1
ap-northeast-3
ap-northeast-2
ap-southeast-1
ap-southeast-2
ap-northeast-1
ca-central-1
cn-north-1
cn-northwest-1
eu-central-1
eu-west-1
eu-west-2
eu-south-1
eu-west-3
eu-north-1
sa-east-1
me-south-1
us-gov-east-1
us-gov-west-1
--------------------------------------------------------------------------------

/sss3.sh:
--------------------------------------------------------------------------------
#!/bin/bash

RED="\033[1;31m"
GREEN="\033[1;32m"
YELLOW="\033[1;33m"
RESET="\033[m"
VERSION="0.0.1"
# The region list lives next to the script, so it is found from any working directory
regions="$(dirname "$0")/regions.txt"
BANNER="
==================================================
SSS3 - Simple Storage Scanner
Search for buckets with listing permission enabled
Version $VERSION
by: bt0 - www.github.com/halencarjunior
=================================================="

# Testing for requirements
if command -v aws >/dev/null 2>&1; then
    echo "[+] aws cli found."
else
    echo -e "[-] aws cli not found. Please install it using:\nhttps://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html"
    exit 1
fi

if [[ -z "$1" ]]; then
    echo -e "$YELLOW $BANNER $RESET"
    echo -e "Usage: $ $0 domains.txt -o output.txt\n"
    exit 0
fi

# Optional "-o <file>"; fall back to output.txt when no file name is given
if [[ "$2" == "-o" && -n "$3" ]]; then
    OUTPUTFILE="$3"
else
    OUTPUTFILE='output.txt'
fi

echo -e "$YELLOW $BANNER $RESET\n"

while IFS= read -r line; do
    [[ -z "$line" ]] && continue
    while IFS= read -r region; do
        [[ -z "$region" ]] && continue   # regions.txt may end with a blank line
        echo -e "$YELLOW Listing bucket $line on region $region $RESET"

        # Capture stdout and stderr together: the CLI reports errors on stderr
        RESULT=$(aws s3 ls "s3://$line/" --region "$region" 2>&1)
        if [[ "$RESULT" == *"Unable to locate credentials"* ]]; then
            echo -e "$RED [!] No credentials configured. You must run 'aws configure'.$RESET"
            exit 1
        elif [[ "$RESULT" == *"NoSuchBucket"* ]]; then
            echo -e "$RED [-] No Such Bucket$RESET"
        elif [[ "$RESULT" == *"InvalidAccessKeyId"* ]]; then
            echo -e "$RED [-] Invalid Access Key Id found. $RESET"
        else
            echo -e "$GREEN [+] Investigate the bucket $line on region $region $RESET"
            # Saving the result in a file (">>" creates it on first use)
            echo -e "\n- Bucket $line on region $region" >> "$OUTPUTFILE"
            echo -e "\n Listing for Bucket $line \n $RESULT" >> "$OUTPUTFILE"
        fi
    done < "$regions"
done < "$1"
--------------------------------------------------------------------------------

/README.MD:
--------------------------------------------------------------------------------
# SSS3
## _Simple Storage Scanner_
[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0)

SSS3 is a simple S3 bucket testing tool. It uses the AWS CLI to search for publicly listable buckets named after the entries of a list of domains/subdomains.

## Basic Requirements

- It requires the AWS CLI installed and configured with an S3 policy defined
- You should have a list of previously enumerated domains/subdomains

## Features

- Iterates over a list of domains/subdomains
- Tests whether a domain/subdomain corresponds to a bucket and whether its listing permission is enabled
- Exports the listing of each bucket found

## Installation

Clone the repository, give +x to the script and be happy.
SSS3 requires the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html) to run.

```sh
$ git clone https://github.com/halencarjunior/sss3.git
$ chmod +x sss3.sh
$ ./sss3.sh domain.txt -o output.txt
```

## Usage example

You could start by enumerating a domain using [Amass](https://github.com/OWASP/Amass/blob/master/doc/user_guide.md)

```sh
$ amass enum -d example.com -o domains-example-com.txt
$ ./sss3.sh domains-example-com.txt -o output-example-com.txt
```

[![asciicast](https://asciinema.org/a/uDBv5uQ60Mtlc868lsfWZAJ5O.svg)](https://asciinema.org/a/uDBv5uQ60Mtlc868lsfWZAJ5O)

## Development

Want to contribute? Great! Please send us your PR and we'll be grateful for your help.

## References

I am grateful for some articles that motivated me to create this tool

[Sidechannel article by Rodrigo Montoro](https://sidechannel.blog/enumerando-servicos-em-contas-aws-amazon-web-services-de-forma-anonima-e-nao-autenticada/index.html)

[Rhino Security Labs article on pentesting S3](https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/)

Thanks for using it, and please help to share it

**Free Software, Hell Yeah!**
--------------------------------------------------------------------------------
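The result classification that sss3.sh does with its if/elif chain, as an added example that is not part of the sss3 repository: `classify_listing`, `scan_bucket`, the offline stand-in `fake_aws` and the `LISTER` variable that selects it are names assumed here, not the project's own. It goes one step beyond the script by giving AccessDenied its own status, because the script's final `else` branch otherwise reports a bucket that exists but refuses listing as one to investigate; the CLI messages and the two-region list are constructed so the script runs without AWS access.

```bash
#!/bin/bash
# Added example, not part of sss3: the error-string classification of
# sss3.sh as a function that returns one status word per bucket/region pair.

# classify_listing: map the combined stdout+stderr of `aws s3 ls` to a status.
# "access-denied" is an assumption beyond sss3.sh, which has no branch for it
# and therefore logs such buckets as "investigate" (a false positive).
classify_listing() {
  case "$1" in
    *"Unable to locate credentials"*) echo "no-credentials" ;;
    *NoSuchBucket*)                   echo "no-such-bucket" ;;
    *InvalidAccessKeyId*)             echo "invalid-key" ;;
    *AccessDenied*)                   echo "access-denied" ;;
    *)                                echo "listable" ;;
  esac
}

# scan_bucket BUCKET REGIONS_FILE: try the bucket name in every region listed
# in the file (blank lines skipped) and print "<region> <status>" per line.
# $LISTER names the CLI to run; it defaults to the real aws binary.
scan_bucket() {
  local bucket="$1" regions_file="$2" region result
  while IFS= read -r region; do
    [ -z "$region" ] && continue
    result=$("${LISTER:-aws}" s3 ls "s3://$bucket/" --region "$region" 2>&1) || true
    echo "$region $(classify_listing "$result")"
  done < "$regions_file"
}

# fake_aws: constructed stand-in for the AWS CLI so the example runs offline.
# It ignores the region and answers by bucket name ($3 is the s3:// URL).
fake_aws() {
  case "$3" in
    s3://open-bucket/)   printf '2021-01-01 10:00:00       1024 backup.tar.gz\n' ;;
    s3://locked-bucket/) echo 'An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied' >&2; return 1 ;;
    *)                   echo 'An error occurred (NoSuchBucket) when calling the ListObjectsV2 operation: The specified bucket does not exist' >&2; return 1 ;;
  esac
}

# Offline demo: a constructed two-region list driven through the fake CLI.
demo_regions=$(mktemp)
printf 'us-east-1\neu-west-1\n' > "$demo_regions"
LISTER=fake_aws scan_bucket open-bucket "$demo_regions"     # both regions: listable
LISTER=fake_aws scan_bucket locked-bucket "$demo_regions"   # both regions: access-denied
rm -f "$demo_regions"
```

Leave `LISTER` unset to run the real CLI against the regions.txt shipped with the tool.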