{"id":4576,"date":"2019-07-02T07:17:41","date_gmt":"2019-07-02T01:47:41","guid":{"rendered":"https:\/\/qadit.com\/blog\/?p=4576"},"modified":"2019-07-02T07:17:41","modified_gmt":"2019-07-02T01:47:41","slug":"slurp-amazon-aws-s3-bucket-enumerator","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/slurp-amazon-aws-s3-bucket-enumerator\/","title":{"rendered":"Slurp \u2013 Amazon AWS S3 Bucket Enumerator"},"content":{"rendered":"<div>\n<section>\n<p>Slurp is a blackbox\/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.darknet.org.uk\/wp-content\/uploads\/2019\/07\/Slurp-Amazon-AWS-S3-Bucket-Enumerator-640x285.png\" alt=\"Slurp - Amazon AWS S3 Bucket Enumerator\" \/><\/p>\n<p>There are two modes in which this tool operates: blackbox and whitebox. Whitebox (internal) mode is significantly faster than blackbox (external) mode.<\/p>\n<p><strong>Blackbox (external)<\/strong><\/p>\n<p>In this mode, you are using the permutations list to conduct scans. It will return false positives and there is <strong>NO WAY<\/strong> to link the buckets to an actual AWS account.<\/p>\n<p><strong>Whitebox (internal)<\/strong><\/p>\n<p>In this mode, you are using the AWS API with credentials for a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy\/ACL permissions. Your credentials should be in <code>~\/.aws\/credentials<\/code>.<\/p>\n<h2>Slurp &#8211; Amazon AWS S3 Bucket Enumerator Features<\/h2>\n<p>The main features of Slurp are:<\/p>\n<ul>\n<li>Scan via domain(s); you can target a single domain or a list of domains<\/li>\n<li>Scan via keyword(s); you can target a single keyword or a list of keywords<\/li>\n<li>Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed<\/li>\n<li>Colorized output for visual grep<\/li>\n<li>Currently generates over 28,000 permutations per domain and keyword<\/li>\n<li>Punycode support for internationalized domains<\/li>\n<\/ul>\n<h3>Usage of Slurp S3 Bucket Enumerator<\/h3>\n<p>Will enumerate the S3 domains for a specific target:<\/p>\n<p><code>slurp domain &lt;-t|--target&gt; example.com<\/code><\/p>\n<p>Will enumerate S3 buckets based on those three keywords (linux, golang &amp; python):<\/p>\n<p><code>slurp keyword &lt;-t|--target&gt; linux,golang,python<\/code><\/p>\n<p>Will perform an internal scan using the AWS API:<\/p>\n<p>You can download Slurp here:<\/p>\n<p><a href=\"https:\/\/github.com\/hehnope\/slurp\/releases\/download\/1.0.0\/slurp.tar.gz\">slurp.tar.gz<\/a><\/p>\n<p>Or you can read more <a href=\"https:\/\/github.com\/hehnope\/slurp\">here<\/a>.<\/p>\n<\/section>\n<\/div>\n<p><b>Read the Full Article here: <a href=\"https:\/\/www.darknet.org.uk\">&gt;Darknet &#8211; The Darkside<\/a><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Slurp is a blackbox\/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally. There are two modes in which this tool operates: blackbox and whitebox. Whitebox (internal) mode is significantly faster than blackbox (external) &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/slurp-amazon-aws-s3-bucket-enumerator\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Slurp \u2013 Amazon AWS S3 Bucket Enumerator&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[293],"class_list":["post-4576","post","type-post","status-publish","format-standard","hentry","category-itsec","tag-wonder-information"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-1bO","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4576"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4576\/revisions"}],"predecessor-version":[{"id":4577,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4576\/revisions\/4577"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}