SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
- It requires aws cli installed and configured with a s3 policy defined
- You should have a list of previous enumerated domains/subdomains
- Iterates a list of domains/subdomains
- Tests if a domain/subdomain respond to a bucket and if its permissions for listing are enabled
- Export the result of listing of buckets found
Clone the repository, give +x to script and be happy SSS3 requires AWS CLI to run.
$ git clone https://github.com/halencarjunior/sss3.git
$ chmod +x sss3.sh
$ ./ss3.sh domain.txt -o output.txtYou could start enumerating a domain using Amass
$ amass enum -d example.com -o domains-example-com.txt
$ ./sss3.sh domains-example-com.txt -o output-example-com.txt
Want to contribute? Great! Please send your PR for us and we'll be greateful for your help.
I am grateful for some articles that motivated me to creat that tool
Sidechannel Article by Rodrigo Montoro
Rhynosec Article for Pentesting S3
Thanks for using and help to share please
Free Software, Hell Yeah!