├── .gitignore ├── CONTRIBUTING.md ├── ISSUE_TEMPLATE.md ├── LICENSE ├── README.md ├── list.txt └── main.go /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | *.iml 3 | *.xml 4 | s3-bucket.txt 5 | cf-url.txt 6 | cloudfront.csv 7 | s3-bucket.csv 8 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | ## Getting involved 3 | * Submit a PR request and the output against the default list.txt. 4 | * Please comment each function if possible to help me and other follow. 5 | * Feel free to get in touch via Twitter! [@random_robbie](https://www.twitter.com/random_robbie/) 6 | -------------------------------------------------------------------------------- /ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | 5 | ## Specifications 6 | 7 | - [ ] I have searched for duplicate or closed [issues](https://github.com/random-robbie/AWS-Scanner/issues). 8 | - [ ] Operating system and aws-scanner version: 9 | - [ ] I have a screenshot ready 10 | 11 | ## Issue details 12 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AWS-Scanner 2 | 3 | 4 | ``` 5 | /$$$$$$ /$$ /$$ /$$$$$$ /$$$$$$ 6 | /$$__ $$| $$ /$ | $$ /$$__ $$ /$$__ $$ 7 | | $$ \ $$| $$ /$$$| $$| $$ \__/ | $$ \__/ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$ 8 | | $$$$$$$$| $$/$$ $$ $$| $$$$$$ /$$$$$$| $$$$$$ /$$_____/ |____ $$| $$__ $$| $$__ $$ /$$__ $$ /$$__ $$ 9 | | $$__ $$| $$$$_ $$$$ \____ $$|______/ \____ $$| $$ /$$$$$$$| $$ \ $$| $$ \ $$| $$$$$$$$| $$ \__/ 10 | | $$ | $$| $$$/ \ $$$ /$$ \ $$ /$$ \ $$| $$ /$$__ $$| $$ | $$| $$ | $$| $$_____/| $$ 11 | | $$ | $$| $$/ \ $$| $$$$$$/ | $$$$$$/| $$$$$$$| $$$$$$$| $$ | $$| $$ | $$| $$$$$$$| $$ 12 | |__/ |__/|__/ \__/ \______/ \______/ \_______/ \_______/|__/ |__/|__/ |__/ \_______/|__/ 13 | ``` 14 | 15 | 16 | 17 | 18 | 19 | Scans a list of websites for Cloudfront or S3 Buckets. 20 | 21 | This will output a text file with URL,CF or URL,s3bucketurl 22 | 23 | 24 | 25 | 26 | 27 | 28 | THIS IS A WORK IN PROGRESS! (currently broken as it will write in windows but not in linux) 29 | 30 | 31 | Install 32 | ------ 33 | 34 | ``` 35 | go get github.com/fatih/color 36 | go build main.go 37 | ./main --list list.txt 38 | ``` 39 | 40 | Release's 41 | ----- 42 | 43 | Pre-built binarys are avaliable on the [releases](https://github.com/random-robbie/AWS-Scanner/releases/download/v0.1/Releases-Beta.zip) tab. 44 | 45 | 46 | 47 | 48 | 49 | Screenshot 50 | ------ 51 | 52 | [![Capture.png](https://s9.postimg.org/a0a819pnj/Capture.png)](https://postimg.org/image/y40zpk84b/) 53 | 54 | 55 | Notes 56 | ----- 57 | 58 | Input must be with out https:// as this is hardcoded at the moment. 59 | 60 | 61 | 62 | To Do 63 | ----- 64 | 65 | [ ] Fix bugs like the one on CNN.com where they dont close the dir and it grabs a load of messy js 66 | 67 | 68 | [ ] Auto detect if prefix is needed or not 69 | 70 | 71 | 72 | [ ] get rid of the mass regex functions and try do it as one. 73 | 74 | 75 | Thanks 76 | ---- 77 | [Glove](https://github.com/Glove) 78 | 79 | Use a VPS from DO 80 | 81 | [![DigitalOcean Referral Badge](https://web-platforms.sfo2.cdn.digitaloceanspaces.com/WWW/Badge%201.svg)](https://www.digitalocean.com/?refcode=e22bbff5f6f1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=badge) 82 | -------------------------------------------------------------------------------- /list.txt: -------------------------------------------------------------------------------- 1 | bonusway.fi 2 | google.co.uk 3 | github.com 4 | wikia.com 5 | tigerair.com.au 6 | www.nandosperiperi.com 7 | cnn.com 8 | github.com 9 | hackerone-ext-content.com 10 | cash.me 11 | square.com 12 | squareup.com 13 | buddypress.org 14 | wordcamp.org 15 | wordpress.net 16 | wordpress.org 17 | periscope.tv 18 | pscp.tv 19 | twimg.com 20 | twitter.com 21 | vine.co 22 | commerce.coinbase.com 23 | irccloud-cdn.com 24 | irccloud.com 25 | urbandictionary.com 26 | urbandictionary.net 27 | algolia.net 28 | algolianet.com 29 | ubnt.com 30 | airbnb.com 31 | booztx.com 32 | grab.co 33 | grab.com 34 | grabtaxi.com 35 | myteksi.com 36 | myteksi.net 37 | goodhire.com 38 | identity.com 39 | newrelic.com 40 | zomato.com 41 | quora.com 42 | icq.com 43 | icq.net 44 | vanillacommunities.com 45 | vanilladevelopment.com 46 | vanillaforums.com 47 | vanillastaging.com 48 | corp.cuvva.co 49 | int.cuvva.co 50 | sys.cuvva.co 51 | vendor.cuvva.co 52 | electroneum.com 53 | bitdefender.com 54 | bitdefender.net 55 | blinksale.com 56 | bugcrowd.com 57 | ikarem.io 58 | meraki.com 59 | network-auth.com 60 | creditkarma.com 61 | cylance.com 62 | digitaloceanspaces.com 63 | freelancer.com 64 | freemarket.com 65 | warriorforum.com 66 | gojekapi.com 67 | getsidekick.com 68 | hs-sites.com 69 | hubapi.com 70 | hubspot.com 71 | hubspot.net 72 | inbound.org 73 | indeed.com 74 | jet.com 75 | notjet.net 76 | nolimitvpn.com 77 | instapaper.com 78 | pinterest.com 79 | purevpn.com 80 | simple.com 81 | astaro-tech.com 82 | astaro.at 83 | astaro.ch 84 | astaro.com 85 | astaro.de 86 | astaro.info 87 | astaro.net 88 | astaro.org 89 | cyberoam.com 90 | fw-notify.net 91 | hitmanpro.com 92 | hitmanpro.nl 93 | mojave.net 94 | myastaro.com 95 | reflexion.net 96 | sophos.com 97 | surfright.nl 98 | who-is-using-me.com 99 | statuspage.io 100 | tesla.cn 101 | tesla.com 102 | tesla.services 103 | teslamotors.com 104 | authy.com 105 | twilio.com 106 | youneedabudget.com -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | 2 | package main 3 | 4 | import ( 5 | "bufio" 6 | "bytes" 7 | "crypto/tls" 8 | "flag" 9 | "fmt" 10 | "io" 11 | "io/ioutil" 12 | "net" 13 | "net/http" 14 | "os" 15 | "regexp" 16 | "strings" 17 | "time" 18 | 19 | "github.com/fatih/color" 20 | ) 21 | 22 | 23 | 24 | 25 | var ( 26 | tr = &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} 27 | list = flag.String("list", "list.txt", "Default: list.txt") 28 | s3path = "s3-bucket.csv" 29 | cfpath = "cloudfront.csv" 30 | awsurls = []string { 31 | "http://s3.amazonaws.com/([-A-z0-9.]+)", 32 | "https://s3.amazonaws.com/([-A-z0-9.]+)", 33 | "//s3.amazonaws.com/([-A-z0-9.]+)", 34 | "http://([-A-z0-9.]+).amazonaws.com", 35 | "https://([-A-z0-9.]+).amazonaws.com", 36 | "//([-A-z0-9.]+).amazonaws.com", 37 | "http://(s3.|s3-)[a-zA-Z0-9-]*.amazonaws.com/([-A-z0-9.]+)", 38 | "https://(s3.|s3-)[a-zA-Z0-9-]*.amazonaws.com/([-A-z0-9.]+)", 39 | "//(s3.|s3-)[a-zA-Z0-9-]*.amazonaws.com/([-A-z0-9.]+)", 40 | 41 | } 42 | 43 | cloudfronturls = []string { 44 | "https://(.+?).cloudfront.net/", 45 | "http://(.+?).cloudfront.net/", 46 | "//(.+?).cloudfront.net/", 47 | } 48 | 49 | ) 50 | 51 | 52 | func isError(err error) bool { 53 | if err != nil { 54 | fmt.Println(err.Error()) 55 | } 56 | 57 | return err != nil 58 | } 59 | 60 | 61 | 62 | // Read a whole file into the memory and store it as array of lines 63 | func readLines(path string) (lines []string, err error) { 64 | var ( 65 | file *os.File 66 | part []byte 67 | prefix bool 68 | ) 69 | if file, err = os.Open(path); err != nil { 70 | return 71 | } 72 | defer file.Close() 73 | 74 | reader := bufio.NewReader(file) 75 | buffer := bytes.NewBuffer(make([]byte, 0)) 76 | for { 77 | if part, prefix, err = reader.ReadLine(); err != nil { 78 | break 79 | } 80 | buffer.Write(part) 81 | if !prefix { 82 | lines = append(lines, buffer.String()) 83 | buffer.Reset() 84 | } 85 | } 86 | if err == io.EOF { 87 | err = nil 88 | } 89 | return 90 | } 91 | 92 | 93 | 94 | // write file of s3bucket 95 | func writes3bucket(s3bucket,url,s3path string){ 96 | 97 | //check if file exists 98 | if _, err := os.Stat(s3path); os.IsNotExist(err) { 99 | // create file if not exists 100 | if os.IsNotExist(err) { 101 | var file, err = os.Create(s3path) 102 | if isError(err) { return } 103 | defer file.Close() 104 | } 105 | } 106 | 107 | 108 | fileHandle, _ := os.OpenFile(s3path, os.O_RDWR, 0644) 109 | writer := bufio.NewWriter(fileHandle) 110 | defer fileHandle.Close() 111 | stringtolog := fmt.Sprintf("%s,%s",url,s3bucket) 112 | fmt.Fprintln(writer,stringtolog) 113 | writer.Flush() 114 | } 115 | 116 | // write file of s3bucket 117 | func writecf(cf,url,cfpath string){ 118 | 119 | //check if file exists 120 | if _, err := os.Stat(cfpath); os.IsNotExist(err) { 121 | // create file if not exists 122 | if os.IsNotExist(err) { 123 | var file, err = os.Create(cfpath) 124 | if isError(err) { return } 125 | defer file.Close() 126 | } 127 | } 128 | 129 | 130 | fileHandle, _ := os.OpenFile(s3path, os.O_RDWR, 0644) 131 | writer := bufio.NewWriter(fileHandle) 132 | defer fileHandle.Close() 133 | stringtolog := fmt.Sprintf("%s,%s",url,cf) 134 | fmt.Fprintln(writer,stringtolog) 135 | writer.Flush() 136 | } 137 | 138 | func runAWSCheck (responseString,url string) { 139 | for _, each := range awsurls { 140 | re, _ := regexp.Compile(each) 141 | cf := re.FindString(responseString) 142 | 143 | if cf != "" { 144 | s3bucket := fmt.Sprintf("%s",cf) 145 | color.HiGreen("[*] Logging... %s\n",s3bucket) 146 | writes3bucket(cf,url,s3path) 147 | } 148 | } 149 | } 150 | 151 | //noinspection GoUnresolvedReference 152 | func runCloudfrontCheck (responseString,url string) { 153 | for _, each := range cloudfronturls { 154 | re, _ := regexp.Compile(each) 155 | cf := re.FindString(responseString) 156 | 157 | if cf != "" { 158 | s3bucket := fmt.Sprintf("%s",cf) 159 | color.HiGreen("[*] Logging... %s\n",s3bucket) 160 | writecf(cf,url,cfpath) 161 | } 162 | } 163 | } 164 | 165 | func main () { 166 | // Parse the flags provided 167 | flag.Parse() 168 | color.HiGreen("[*] [*]\n") 169 | color.HiGreen("[*] AWS Scanner - By @random_robbie [*]\n") 170 | color.HiGreen("[*] [*]\n") 171 | color.HiGreen("[*] [*]\n") 172 | color.HiGreen("[*] S3 Buckets for the Win [*]\n") 173 | color.HiGreen("[*] [*]\n") 174 | color.HiGreen("[*] Version 1.0 [*]\n\n\n\n") 175 | 176 | //Check the server is not blank or empty 177 | if *list == "" { 178 | flag.PrintDefaults() 179 | os.Exit(1) 180 | } 181 | 182 | //read list line by line 183 | lines, err := readLines(*list) 184 | if err != nil { 185 | fmt.Println("Error: %s\n", err) 186 | return 187 | } 188 | for _, line := range lines { 189 | 190 | //Print Scanning Website 191 | attempt := fmt.Sprintf("[*] Scanning Website https://%s\n", line) 192 | color.HiWhite(attempt) 193 | 194 | url := fmt.Sprintf("https://%s", line) 195 | tr := &http.Transport{ 196 | TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, 197 | Dial: (&net.Dialer{ 198 | Timeout: 30 * time.Second, 199 | KeepAlive: 30 * time.Second, 200 | }).Dial, 201 | TLSHandshakeTimeout: 10 * time.Second, 202 | ResponseHeaderTimeout: 10 * time.Second, 203 | ExpectContinueTimeout: 1 * time.Second, 204 | } 205 | // Do not verify certificates 206 | client := &http.Client{ 207 | Transport: tr, 208 | } 209 | 210 | // Create HEAD request with random user agent. 211 | req, _ := http.NewRequest("GET", url, nil) 212 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0") 213 | 214 | if resp, err := client.Do(req); err == nil { 215 | 216 | defer resp.Body.Close() 217 | body, err := ioutil.ReadAll(resp.Body) 218 | responseString := string(body) 219 | if err != nil { 220 | panic(err) 221 | } 222 | //If amazonaws.com is found signal bucket found 223 | if strings.Contains(responseString, "amazonaws.com") == true { 224 | color.HiGreen("[*] S3 bucket found!\n") 225 | runAWSCheck(responseString, url) 226 | } 227 | //find Cloudfront distribution end point. 228 | if strings.Contains(responseString, "cloudfront.net") == true { 229 | color.HiGreen("[*] Cloudfront found!\n") 230 | runCloudfrontCheck(responseString, url) 231 | 232 | } else { 233 | color.HiRed("[*] Moving to Next Site\n") 234 | } 235 | } 236 | } 237 | 238 | } --------------------------------------------------------------------------------