STRLCPY/s3reverse

Updated
hahwul committed 4 years ago

e8fe5c14

1 parent c41d2771

■ ■ ■ ■ ■ ■ ■

README.md

1	1		# s3reverse
	2	+	## Install
	3	+	```cassandraql
	4	+	$ go get -u github/hahwul/s3reverse
	5	+	```
2	6		## Usage
3		-	j
	7	+	### Input options
	8	+	Basic Usage
	9	+	```cassandraql
	10	+
	11	+	8""""8 eeee 8"""8 8"""" 88 8 8"""" 8"""8 8""""8 8""""
	12	+	8 8 8 8 8 88 8 8 8 8 8 8
	13	+	8eeeee 8 8eee8e 8eeee 88 e8 8eeee 8eee8e 8eeeee 8eeee
	14	+	88 eee8 eeee 88 8 88 "8 8 88 88 8 88 88
	15	+	e 88 88 88 8 88 8 8 88 88 8 e 88 88
	16	+	8eee88 eee88 88 8 88eee 8ee8 88eee 88 8 8eee88 88eee
	17	+
	18	+	by @hahwul
	19	+
	20	+	Usage of ./s3reverse:
	21	+	-iL string
	22	+	input List
	23	+	-oA string
	24	+	Write output in Array format (optional)
	25	+	-oN string
	26	+	Write output in Normal format (optional)
	27	+	-tN
	28	+	to name
	29	+	-tP
	30	+	to path-style
	31	+	-tS
	32	+	to s3 url
	33	+	-tV
	34	+	to virtual-hosted-style
	35	+	-verify
	36	+	testing bucket(acl,takeover)
	37	+	```
	38	+	Using from file
	39	+	```cassandraql
	40	+	$ s3reverse -iL sample -tN
	41	+	udemy-web-upload-transitional
	42	+	github-cloud
	43	+	github-production-repository-file-5c1aeb
	44	+	github-production-upload-manifest-file-7fdce7
	45	+	github-production-user-asset-6210df
	46	+	github-education-web
	47	+	github-jobs
	48	+	s3-us-west-2.amazonaws.com
	49	+	optimizely
	50	+	app-usa-modeast-prod-a01239f
	51	+	doc
	52	+	swipely-merchant-assets
	53	+	adslfjasldfkjasldkfjalsdfkajsljasldf
	54	+	cbphotovideo
	55	+	cbphotovideo-eu
	56	+	public.chaturbate.com
	57	+	wowdvr
	58	+	cbvideoupload
	59	+	testbuckettesttest
	60	+	```
	61	+	Using from pipeline
	62	+	```cassandraql
	63	+	$ cat sample \| s3reverse -tN
	64	+	udemy-web-upload-transitional
	65	+	github-cloud
	66	+	github-production-repository-file-5c1aeb
	67	+	github-production-upload-manifest-file-7fdce7
	68	+	github-production-user-asset-6210df
	69	+	github-education-web
	70	+	github-jobs
	71	+	s3-us-west-2.amazonaws.com
	72	+	optimizely
	73	+	app-usa-modeast-prod-a01239f
	74	+	doc
	75	+	swipely-merchant-assets
	76	+	adslfjasldfkjasldkfjalsdfkajsljasldf
	77	+	cbphotovideo
	78	+	cbphotovideo-eu
	79	+	public.chaturbate.com
	80	+	wowdvr
	81	+	cbvideoupload
	82	+	testbuckettesttest
	83	+	```
	84	+
	85	+	### Output options
	86	+	to Name
	87	+	```cassandraql
	88	+	$ s3reverse -iL sample -tN
	89	+	udemy-web-upload-transitional
	90	+	github-cloud
	91	+	github-production-repository-file-5c1aeb
	92	+	github-production-upload-manifest-file-7fdce7
	93	+	... snip ...
	94	+	```
	95	+	to Path Style
	96	+	```cassandraql
	97	+	$ s3reverse -iL sample -tP
	98	+	https://s3.amazonaws.com/udemy-web-upload-transitional
	99	+	https://s3.amazonaws.com/github-cloud
	100	+	https://s3.amazonaws.com/github-production-repository-file-5c1aeb
	101	+	... snip ...
	102	+	```
	103	+	to Virtual Hosted Style
	104	+	```cassandraql
	105	+	$ s3reverse -iL sample -tV
	106	+	udemy-web-upload-transitional.s3.amazonaws.com
	107	+	github-cloud.s3.amazonaws.com
	108	+	github-production-repository-file-5c1aeb.s3.amazonaws.com
	109	+	github-production-upload-manifest-file-7fdce7.s3.amazonaws.com
	110	+	github-production-user-asset-6210df.s3.amazonaws.com
	111	+	... snip ...
	112	+	```
	113	+
	114	+	### Verify mode
	115	+	```cassandraql
	116	+	$ s3reverse -iL sample -verify
	117	+	[NoSuchBucket] adslfjasldfkjasldkfjalsdfkajsljasldf
	118	+	[PublicAccessDenied] github-production-user-asset-6210df
	119	+	[PublicAccessDenied] github-jobs
	120	+	[PublicAccessDenied] public.chaturbate.com
	121	+	[PublicAccessDenied] github-education-web
	122	+	[PublicAccessDenied] github-production-repository-file-5c1aeb
	123	+	[PublicAccessDenied] testbuckettesttest
	124	+	[PublicAccessDenied] app-usa-modeast-prod-a01239f
	125	+	[PublicAccessGranted] cbphotovideo-eu
	126	+	[PublicAccessDenied] swipely-merchant-assets
	127	+	[PublicAccessDenied] optimizely
	128	+	[PublicAccessDenied] wowdvr
	129	+	[PublicAccessGranted] s3-us-west-2.amazonaws.com
	130	+	[PublicAccessDenied] cbphotovideo
	131	+	[PublicAccessDenied] cbvideoupload
	132	+	[PublicAccessDenied] github-production-upload-manifest-file-7fdce7
	133	+	[PublicAccessDenied] doc
	134	+	[PublicAccessDenied] udemy-web-upload-transitional
	135	+	[PublicAccessDenied] github-cloud
	136	+	```
	137	+
	138	+	## Case study
	139	+	Pipelining `meg`, `s3reverse`, `gf` , `s3scanner` for Find S3 Misconfiguration.
	140	+	```cassandraql
	141	+	$ meg -d 1000 -v / ; cd out ; gf s3-buckets \| s3reverse -tN > buckets ; s3scanner buckets
	142	+	```
	143	+
	144	+	Find S3 bucket takeover
	145	+	```cassandraql
	146	+	$ meg -d 1000 -v / ; cd out ; gf s3-buckets \| s3reverse -verify \| grep NoSuchBucket > takeovers
	147	+	```

■ ■ ■ ■ ■ ■

main.go

1	+	package main
2	+
3	+	import (
4	+	"bufio"
5	+	"flag"
6	+	"fmt"
7	+	"io/ioutil"
8	+	"net/http"
9	+	"os"
10	+	"regexp"
11	+	"strings"
12	+	"sync"
13	+	)
14	+
15	+	const (
16	+	s3path = "^(s3-\|s3\\.)?(s3.*)\\.amazonaws\\.com"
17	+	s3url = "^s3://*"
18	+	s3vh = "(s3.*)\\.amazonaws\\.com$"
19	+	)
20	+
21	+	func banner() {
22	+	fmt.Println(`
23	+	8""""8 eeee 8"""8 8"""" 88 8 8"""" 8"""8 8""""8 8""""
24	+	8 8 8 8 8 88 8 8 8 8 8 8
25	+	8eeeee 8 8eee8e 8eeee 88 e8 8eeee 8eee8e 8eeeee 8eeee
26	+	88 eee8 eeee 88 8 88 "8 8 88 88 8 88 88
27	+	e 88 88 88 8 88 8 8 88 88 8 e 88 88
28	+	8eee88 eee88 88 8 88eee 8ee8 88eee 88 8 8eee88 88eee
29	+	`)
30	+	fmt.Println("by @hahwul")
31	+	fmt.Println("")
32	+	}
33	+
34	+	func main() {
35	+	// input options
36	+	iL := flag.String("iL", "", "input List")
37	+	// to options
38	+	tN := flag.Bool("tN", false, "to name")
39	+	tS := flag.Bool("tS", false, "to s3 url")
40	+	tP := flag.Bool("tP", false, "to path-style")
41	+	tV := flag.Bool("tV", false, "to virtual-hosted-style")
42	+	verify := flag.Bool("verify", false, "testing bucket(acl,takeover)")
43	+	// output options
44	+	oN := flag.String("oN", "", "Write output in Normal format (optional)")
45	+	oA := flag.String("oA", "", "Write output in Array format (optional)")
46	+	var s3Buckets []string
47	+	flag.Parse()
48	+	if flag.NFlag() == 0 {
49	+	banner()
50	+	flag.Usage()
51	+	return
52	+	}
53	+
54	+	// accept domains on stdin
55	+	if *iL == "" {
56	+	sc := bufio.NewScanner(os.Stdin)
57	+	for sc.Scan() {
58	+	target := strings.ToLower(sc.Text())
59	+	var s3 = identifys3(target)
60	+	if s3 != "" {
61	+	s3Buckets = append(s3Buckets, s3)
62	+	}
63	+	}
64	+	} else {
65	+	target, err := readLinesOrLiteral(*iL)
66	+	_ = err
67	+	for i, s := range target {
68	+	_ = i
69	+	var s3 = identifys3(s)
70	+	if s3 != "" {
71	+	s3Buckets = append(s3Buckets, s3)
72	+	}
73	+	}
74	+
75	+	}
76	+	// Remove Deplicated value
77	+	s3Buckets = unique(s3Buckets)
78	+	// Printing
79	+	if *verify {
80	+	var wg sync.WaitGroup
81	+	for _, s := range s3Buckets {
82	+	wg.Add(1)
83	+	go func(s string) {
84	+	defer wg.Done()
85	+	var DefaultTransport http.RoundTripper = &http.Transport{}
86	+	req, _ := http.NewRequest("GET", "https://s3.amazonaws.com/"+s, nil)
87	+	resp, _ := DefaultTransport.RoundTrip(req)
88	+	defer resp.Body.Close()
89	+	contents, err := ioutil.ReadAll(resp.Body)
90	+	if err != nil {
91	+	fmt.Printf("%s", err)
92	+	}
93	+	if strings.Contains(string(contents), "<Code>NoSuchBucket</Code>") {
94	+	fmt.Println("[NoSuchBucket] " + s)
95	+	} else if strings.Contains(string(contents), "<Code>AccessDenied</Code>") {
96	+	fmt.Println("[PublicAccessDenied] " + s)
97	+	} else {
98	+	fmt.Println("[PublicAccessGranted] " + s)
99	+	}
100	+	}(s)
101	+	}
102	+	wg.Wait()
103	+	} else {
104	+	for _, s := range s3Buckets {
105	+	if *tN {
106	+	fmt.Println(s)
107	+	}
108	+	if *tS {
109	+	fmt.Println("s3://" + s)
110	+	}
111	+	if *tP {
112	+	fmt.Println("https://s3.amazonaws.com/" + s)
113	+	}
114	+	if *tV {
115	+	fmt.Println(s + ".s3.amazonaws.com")
116	+	}
117	+	}
118	+	}
119	+	_ = oN
120	+	_ = oA
121	+	}
122	+
123	+	func unique(intSlice []string) []string {
124	+	keys := make(map[string]bool)
125	+	list := []string{}
126	+	for _, entry := range intSlice {
127	+	if _, value := keys[entry]; !value {
128	+	keys[entry] = true
129	+	list = append(list, entry)
130	+	}
131	+	}
132	+	return list
133	+	}
134	+
135	+	func identifys3(t string) string {
136	+	// images.skypicker.com-dev.s3-website-eu => images.skypicker.com-dev1
137	+	target := strings.Replace(t, "http://", "", 1)
138	+	target = strings.Replace(target, "https://", "", 1)
139	+	target = strings.Replace(target, "s3://", "s3:////", 1)
140	+	target = strings.Replace(target, "//", "", 1)
141	+
142	+	path, _ := regexp.MatchString(s3path, target)
143	+	vh, _ := regexp.MatchString(s3vh, target)
144	+	url, _ := regexp.MatchString(s3url, target)
145	+
146	+	if path {
147	+	target = strings.Replace(target, "s3.amazonaws.com/", "", 1)
148	+	target = strings.Split(target, "/")[0]
149	+	return target
150	+	} else if vh {
151	+	target = strings.Replace(target, ".s3.amazonaws.com", "", 1)
152	+	target = strings.Split(target, "/")[0]
153	+	return target
154	+	} else if url {
155	+	target = strings.Replace(target, "s3://", "", 1)
156	+	target = strings.Split(target, "/")[0]
157	+	return target
158	+	}
159	+	return ""
160	+	}
161	+
162	+	// readLines reads all of the lines from a text file in to
163	+	// a slice of strings, returning the slice and any error
164	+	func readLines(filename string) ([]string, error) {
165	+	f, err := os.Open(filename)
166	+	if err != nil {
167	+	return []string{}, err
168	+	}
169	+	defer f.Close()
170	+
171	+	lines := make([]string, 0)
172	+	sc := bufio.NewScanner(f)
173	+	for sc.Scan() {
174	+	lines = append(lines, sc.Text())
175	+	}
176	+
177	+	return lines, sc.Err()
178	+	}
179	+
180	+	// readLinesOrLiteral tries to read lines from a file, returning
181	+	// the arg in a string slice if the file doesn't exist, unless
182	+	// the arg matches its default value
183	+	func readLinesOrLiteral(arg string) ([]string, error) {
184	+	if isFile(arg) {
185	+	return readLines(arg)
186	+	}
187	+
188	+	// if the argument isn't a file, but it is the default, don't
189	+	// treat it as a literal value
190	+
191	+	return []string{arg}, nil
192	+	}
193	+
194	+	// isFile returns true if its argument is a regular file
195	+	func isFile(path string) bool {
196	+	f, err := os.Stat(path)
197	+	return err == nil && f.Mode().IsRegular()
198	+	}
199	+

s3reverse

Binary file.

■ ■ ■ ■ ■ ■

sample

1	+	udemy-web-upload-transitional.s3.amazonaws.com
2	+	github-cloud.s3.amazonaws.com
3	+	github-production-repository-file-5c1aeb.s3.amazonaws.com
4	+	github-production-upload-manifest-file-7fdce7.s3.amazonaws.com
5	+	github-production-user-asset-6210df.s3.amazonaws.com
6	+	github-cloud.s3.amazonaws.com
7	+	github-cloud.s3.amazonaws.com
8	+	github-education-web.s3.amazonaws.com
9	+	github-education-web.s3.amazonaws.com
10	+	github-cloud.s3.amazonaws.com
11	+	github-production-repository-file-5c1aeb.s3.amazonaws.com
12	+	github-production-upload-manifest-file-7fdce7.s3.amazonaws.com
13	+	github-production-user-asset-6210df.s3.amazonaws.com
14	+	github-cloud.s3.amazonaws.com
15	+	github-jobs.s3.amazonaws.com
16	+	//s3-us-west-2.amazonaws.com/rubygems-dumps
17	+	optimizely.s3.amazonaws.com
18	+	app-usa-modeast-prod-a01239f.s3.amazonaws.com
19	+	app-usa-modeast-prod-a01239f.s3.amazonaws.com
20	+	//s3.amazonaws.com/doc
21	+	swipely-merchant-assets.s3.amazonaws.com
22	+	s3://adslfjasldfkjasldkfjalsdfkajsljasldf
23	+	swipely-merchant-assets.s3.amazonaws.com
24	+	swipely-merchant-assets.s3.amazonaws.com
25	+	swipely-merchant-assets.s3.amazonaws.com
26	+	//s3-us-west-2.amazonaws.com/public.lob.com
27	+	//s3-us-west-2.amazonaws.com/public.lob.com
28	+	cbphotovideo.s3.amazonaws.com
29	+	cbphotovideo-eu.s3.amazonaws.com
30	+	public.chaturbate.com.s3.amazonaws.com
31	+	wowdvr.s3.amazonaws.com
32	+	cbvideoupload.s3.amazonaws.com
33	+	cbphotovideo.s3.amazonaws.com
34	+	s3://testbuckettesttest
35	+	cbphotovideo-eu.s3.amazonaws.com
36	+	public.chaturbate.com.s3.amazonaws.com
37	+	wowdvr.s3.amazonaws.com
38	+	cbvideoupload.s3.amazonaws.com
39	+	cbphotovideo.s3.amazonaws.com
40	+	cbphotovideo-eu.s3.amazonaws.com
41	+

Updated