
xs3scann3r


xs3scann3r is a command-line interface (CLI) utility to scan S3 bucket permissions.

Features

  • Scans all bucket permissions to find misconfigurations

Installation

Install release binaries

Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser or copy its URL and retrieve it with wget or curl:

  • ...with wget:

     wget https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz
  • ...or, with curl:

     curl -OL https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz

...then, extract the binary:

tar xf xs3scann3r-<version>-linux-amd64.tar.gz

TIP: The download and extract steps above can be combined into a single one-liner:

curl -sL https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz | tar -xzv

NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xs3scann3r executable.

Then move the xs3scann3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:

sudo mv xs3scann3r /usr/local/bin/

NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xs3scann3r to their PATH.

Install from source

Before you install from source, make sure Go is installed on your system; you can install Go by following the official instructions for your operating system. The steps below assume Go is already installed.

go install ...

go install -v github.com/hueristiq/xs3scann3r/cmd/xs3scann3r@latest

go build ... the development version

  • Clone the repository

     git clone https://github.com/hueristiq/xs3scann3r.git 
  • Build the utility

     cd xs3scann3r/cmd/xs3scann3r && \
     go build .
  • Move the xs3scann3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:

     sudo mv xs3scann3r /usr/local/bin/

    NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xs3scann3r to their PATH.

NOTE: While the development version is a good way to take a peek at xs3scann3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.

Usage

NOTE: xs3scann3r requires the AWS CLI (awscli) to be installed and configured with credentials before use.

To display the help message for xs3scann3r, use the -h flag:

xs3scann3r -h

help message:

          _____                           _____      
__  _____|___ / ___  ___ __ _ _ __  _ __ |___ / _ __ 
\ \/ / __| |_ \/ __|/ __/ _` | '_ \| '_ \  |_ \| '__|
 >  <\__ \___) \__ \ (_| (_| | | | | | | |___) | |   
/_/\_\___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v0.0.0

A CLI utility to scan S3 bucket permissions.

USAGE:
  xs3scann3r [OPTIONS]

INPUT:
  -i, --input         input file (use `-` to get from stdin)

CONFIGURATIONS:
  -c, --concurrency   number of concurrent threads (default: 10)
  -d, --dump          location to dump objects

OUTPUT:
  -m, --monochrome    disable output content coloring
  -v, --verbosity     debug, info, warning, error, fatal or silent (default: info)

xs3scann3r accepts buckets in any of these formats:

  • Name - e.g. flaws.cloud
  • URL style - e.g. s3://flaws.cloud
  • Path style - e.g. https://s3.amazonaws.com/flaws.cloud
  • Virtual-hosted style - e.g. flaws.cloud.s3.amazonaws.com
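The four reference forms above all name the same bucket. The following Go function, written for this page as an added example rather than taken from xs3scann3r's own input handling, reduces any of them to the bare bucket name; it also accepts regional and legacy endpoint hosts (s3.<region>.amazonaws.com, s3-<region>.amazonaws.com), which is an assumed generalization of the README's examples.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// BucketName reduces a bucket reference (bare name, s3:// URL, path-style
// URL, or virtual-hosted-style host/URL) to the bare bucket name. Example
// code for this page, not the project's own parser. Input is lowercased
// because S3 bucket names are lowercase by S3's naming rules.
func BucketName(input string) (string, error) {
	s := strings.ToLower(strings.TrimSpace(input))
	if s == "" {
		return "", errors.New("empty bucket reference")
	}

	// Bare name: no scheme, no path, and not an amazonaws.com endpoint host.
	if !strings.Contains(s, "://") && !strings.Contains(s, "/") &&
		!strings.HasSuffix(s, ".amazonaws.com") {
		return s, nil
	}

	// A bare virtual-hosted host has no scheme; add one so net/url parses it
	// into the Host field instead of the Path field.
	if !strings.Contains(s, "://") {
		s = "https://" + s
	}
	u, err := url.Parse(s)
	if err != nil {
		return "", err
	}
	host := u.Hostname()
	path := strings.Trim(u.Path, "/")

	switch {
	case u.Scheme == "s3":
		// s3://bucket[/key]: the host component is the bucket.
		if host == "" {
			return "", fmt.Errorf("no bucket in %q", input)
		}
		return host, nil

	case strings.HasSuffix(host, ".amazonaws.com") &&
		(strings.HasPrefix(host, "s3.") || strings.HasPrefix(host, "s3-")):
		// Path style: https://s3[.region].amazonaws.com/bucket[/key].
		bucket := strings.SplitN(path, "/", 2)[0]
		if bucket == "" {
			return "", fmt.Errorf("no bucket in path of %q", input)
		}
		return bucket, nil

	case strings.HasSuffix(host, ".amazonaws.com"):
		// Virtual-hosted style: bucket.s3[.region].amazonaws.com. The bucket
		// is everything before the last ".s3" label, which keeps bucket names
		// that themselves contain ".s3" intact.
		labels := strings.TrimSuffix(host, ".amazonaws.com")
		i := strings.LastIndex(labels, ".s3")
		if i <= 0 {
			return "", fmt.Errorf("no bucket in host of %q", input)
		}
		return labels[:i], nil
	}
	return "", fmt.Errorf("unrecognized bucket reference %q", input)
}

func main() {
	// The four forms from the README plus a regional virtual-hosted URL.
	for _, ref := range []string{
		"flaws.cloud",
		"s3://flaws.cloud",
		"https://s3.amazonaws.com/flaws.cloud",
		"flaws.cloud.s3.amazonaws.com",
		"https://flaws.cloud.s3.us-west-2.amazonaws.com/index.html",
	} {
		name, err := BucketName(ref)
		fmt.Printf("%-60s -> %q %v\n", ref, name, err)
	}
}
```

A bucket website served from a custom domain (for example https://flaws.cloud with no amazonaws.com host) is deliberately rejected: nothing in the URL proves which bucket backs it, so the caller has to resolve that separately.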

Interpreting Results

Possible permissions for buckets (the names match the five permissions an S3 access control list can grant):

  • Read (READ) - List and view the bucket's objects. Note that listing is a bucket permission; reading an object's contents also requires READ on that object or a bucket policy that allows it.
  • Write (WRITE) - Create, overwrite, and delete objects in the bucket.
  • Read ACP (READ_ACP) - Read the access control list attached to the bucket.
  • Write ACP (WRITE_ACP) - Write the bucket's access control list. This is effectively full control, since the grantee can grant itself every other permission.
  • Full Control (FULL_CONTROL) - All of the above.

A permission is a misconfiguration when it is granted to the AllUsers group (anyone, with no credentials) or the AuthenticatedUsers group (any AWS account, not only yours). Because xs3scann3r runs with your configured AWS credentials, it can exercise AuthenticatedUsers grants, so treat those findings as public.
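To see how these permissions look on a real bucket ACL, the Go program below parses the JSON that `aws s3api get-bucket-acl` returns, collects the permissions granted to the AllUsers and AuthenticatedUsers groups, expands FULL_CONTROL into its four parts, and ranks the result. It is an added example for this page, not xs3scann3r's own code; the ACL it reads is constructed for illustration, and the Risk labels are this example's own ranking.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// The subset of the GetBucketAcl response this example reads. Field names
// follow the S3 API; everything else in the response is ignored.
type aclGrantee struct {
	Type string `json:"Type"`
	ID   string `json:"ID,omitempty"`
	URI  string `json:"URI,omitempty"`
}

type aclGrant struct {
	Grantee    aclGrantee `json:"Grantee"`
	Permission string     `json:"Permission"`
}

type bucketACL struct {
	Grants []aclGrant `json:"Grants"`
}

// S3's two "everyone" grantee groups: AllUsers is anonymous access,
// AuthenticatedUsers is any AWS account at all.
const (
	allUsersURI           = "http://acs.amazonaws.com/groups/global/AllUsers"
	authenticatedUsersURI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
)

// expand spells out FULL_CONTROL as the four permissions it implies.
func expand(p string) []string {
	if p == "FULL_CONTROL" {
		return []string{"READ", "WRITE", "READ_ACP", "WRITE_ACP"}
	}
	return []string{p}
}

// PublicGrants returns the permissions granted to AllUsers and
// AuthenticatedUsers, keyed by group name, each list sorted and de-duplicated.
// Grants to specific canonical users (such as the bucket owner) and to other
// groups (such as LogDelivery) are not findings and are skipped.
func PublicGrants(aclJSON []byte) (map[string][]string, error) {
	var acl bucketACL
	if err := json.Unmarshal(aclJSON, &acl); err != nil {
		return nil, err
	}
	seen := map[string]map[string]bool{}
	for _, g := range acl.Grants {
		if g.Grantee.Type != "Group" {
			continue
		}
		var group string
		switch g.Grantee.URI {
		case allUsersURI:
			group = "AllUsers"
		case authenticatedUsersURI:
			group = "AuthenticatedUsers"
		default:
			continue
		}
		if seen[group] == nil {
			seen[group] = map[string]bool{}
		}
		for _, p := range expand(g.Permission) {
			seen[group][p] = true
		}
	}
	out := map[string][]string{}
	for group, perms := range seen {
		for p := range perms {
			out[group] = append(out[group], p)
		}
		sort.Strings(out[group])
	}
	return out, nil
}

// Risk ranks a permission list by what an attacker gets: WRITE_ACP lets the
// grantee rewrite the ACL and hand itself FULL_CONTROL, WRITE lets it
// overwrite or delete objects, READ/READ_ACP disclose data or configuration.
func Risk(perms []string) string {
	has := func(want string) bool {
		for _, p := range perms {
			if p == want {
				return true
			}
		}
		return false
	}
	switch {
	case has("WRITE_ACP"):
		return "critical"
	case has("WRITE"):
		return "high"
	case has("READ") || has("READ_ACP"):
		return "medium"
	}
	return "none"
}

// sampleACL is a constructed GetBucketAcl response, not a real bucket's ACL.
const sampleACL = `{
  "Owner": {"ID": "0000000000000000000000000000000000000000000000000000000000000000"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "0000000000000000000000000000000000000000000000000000000000000000"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ_ACP"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "WRITE_ACP"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"}, "Permission": "WRITE"}
  ]
}`

func main() {
	findings, err := PublicGrants([]byte(sampleACL))
	if err != nil {
		panic(err)
	}
	for _, group := range []string{"AllUsers", "AuthenticatedUsers"} {
		perms := findings[group]
		fmt.Printf("%-18s %-8s %s\n", group, Risk(perms), strings.Join(perms, ","))
	}
}
```

On a real bucket, pipe `aws s3api get-bucket-acl --bucket <name>` into PublicGrants instead of sampleACL. The sample deliberately includes an owner FULL_CONTROL grant and a LogDelivery WRITE grant, which are normal and must not be reported, alongside an AuthenticatedUsers WRITE_ACP grant, which is the one that silently equals full control.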

Contribution

Issues and Pull Requests are welcome! Check out the contribution guidelines.

Licensing

This utility is distributed under the MIT license.