author CoprDistGit <infra@openeuler.org> 2023-05-29 11:08:16 +0000
committer CoprDistGit <infra@openeuler.org> 2023-05-29 11:08:16 +0000
commit 59c0832c6c4295ef7f72b32b20f7f03841a5b2cb (patch)
tree ba03758744ad14e0733c944393836d2c1630e784
parent d8e22176fcf9377f3b4a21ce754261c0d61b6600 (diff)
automatic import of python-s3scanner
-rw-r--r-- .gitignore 1
-rw-r--r-- python-s3scanner.spec 484
-rw-r--r-- sources 1
3 files changed, 486 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..1f91b1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/S3Scanner-2.0.2.tar.gz
diff --git a/python-s3scanner.spec b/python-s3scanner.spec
new file mode 100644
index 0000000..1b3607b
--- /dev/null
+++ b/python-s3scanner.spec
@@ -0,0 +1,484 @@
+%global _empty_manifest_terminate_build 0
+Name: python-S3Scanner
+Version: 2.0.2
+Release: 1
+Summary: Scan for open S3 buckets and dump the contents
+License: MIT License
+URL: https://github.com/sa7mon/S3Scanner
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/7c/28/20af6edde8edee3e44cbaeaab0cbe0fb1dd64d9f613bd1f68b678cee944b/S3Scanner-2.0.2.tar.gz
+BuildArch: noarch
+
+Requires: python3-boto3
+
+%description
+# S3Scanner
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Build Status](https://travis-ci.org/sa7mon/S3Scanner.svg?branch=master)](https://travis-ci.org/sa7mon/S3Scanner)
+
+A tool to find open S3 buckets and dump their contents๐Ÿ’ง
+
+<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
+
+## Usage
+<pre>
+usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
+
+s3scanner: Audit unsecured S3 buckets
+ by Dan Salmon - github.com/sa7mon, @bltjetpack
+
+optional arguments:
+ -h, --help show this help message and exit
+ --version Display the current version of this tool
+ --threads n, -t n Number of threads to use. Default: 4
+ --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
+ URL of S3-compliant API. Default: https://s3.amazonaws.com
+ --endpoint-address-style {path,vhost}, -s {path,vhost}
+ Address style to use for the endpoint. Default: path
+ --insecure, -i Do not verify SSL
+
+mode:
+ {scan,dump} (Must choose one)
+ scan Scan bucket permissions
+ dump Dump the contents of buckets
+</pre>
+
+## Support
+๐Ÿš€ If you've found this tool useful, please consider donating to support its development
+
+[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/B0B54D93O)
+
+## Installation
+
+```shell
+pip3 install s3scanner
+```
+
+or via Docker:
+
+```shell
+docker build . -t s3scanner:latest
+docker run --rm s3scanner:latest scan --bucket my-buket
+```
+
+or from source:
+
+```shell
+git clone git@github.com:sa7mon/S3Scanner.git
+cd S3Scanner
+pip3 install -r requirements.txt
+python3 -m S3Scanner
+```
+
+## Features
+
+* โšก๏ธ Multi-threaded scanning
+* ๐Ÿ”ญ Supports tons of S3-compatible APIs
+* ๐Ÿ•ต๏ธโ€โ™€๏ธ Scans all bucket permissions to find misconfigurations
+* ๐Ÿ’พ Dump bucket contents to a local folder
+* ๐Ÿณ Docker support
+
+## Examples
+
+* Scan AWS buckets listed in a file with 8 threads
+ ```shell
+ $ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
+ ```
+* Scan a bucket in Digital Ocean Spaces
+ ```shell
+ $ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
+ ```
+* Dump a single AWS bucket
+ ```shell
+ $ s3scanner dump --bucket my-bucket-to-dump
+ ```
+* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
+ ```shell
+ $ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
+ ```
+
+## S3-compatible APIs
+
+`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
+`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
+or `--insecure` arguments as well.
+
+Some services have different endpoints corresponding to different regions
+
+**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
+
+| Service | Example Endpoint | Address Style | Insecure ? |
+|---------|------------------|:-------------:|:----------:|
+| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
+| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
+| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
+| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
+| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
+
+๐Ÿ“š Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
+
+## Interpreting Results
+
+This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
+
+[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
+
+* Read - List and view all files
+* Write - Write files to bucket
+* Read ACP - Read all Access Control Policies attached to bucket
+* Write ACP - Write Access Control Policies to bucket
+* Full Control - All above permissions
+
+Any or all of these permissions can be set for the 2 main user groups:
+* Authenticated Users
+* Public Users (those without AWS credentials set)
+* Individual users/groups (out of scope of this tool)
+
+**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
+
+## Contributors
+* [Ohelig](https://github.com/Ohelig)
+* [vysecurity](https://github.com/vysecurity)
+* [janmasarik](https://github.com/janmasarik)
+* [alanyee](https://github.com/alanyee)
+* [klau5dev](https://github.com/klau5dev)
+* [hipotermia](https://github.com/hipotermia)
+
+## License
+
+MIT
+
+
+
+%package -n python3-S3Scanner
+Summary: Scan for open S3 buckets and dump the contents
+Provides: python-S3Scanner
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-S3Scanner
+# S3Scanner
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Build Status](https://travis-ci.org/sa7mon/S3Scanner.svg?branch=master)](https://travis-ci.org/sa7mon/S3Scanner)
+
+A tool to find open S3 buckets and dump their contents๐Ÿ’ง
+
+<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
+
+## Usage
+<pre>
+usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
+
+s3scanner: Audit unsecured S3 buckets
+ by Dan Salmon - github.com/sa7mon, @bltjetpack
+
+optional arguments:
+ -h, --help show this help message and exit
+ --version Display the current version of this tool
+ --threads n, -t n Number of threads to use. Default: 4
+ --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
+ URL of S3-compliant API. Default: https://s3.amazonaws.com
+ --endpoint-address-style {path,vhost}, -s {path,vhost}
+ Address style to use for the endpoint. Default: path
+ --insecure, -i Do not verify SSL
+
+mode:
+ {scan,dump} (Must choose one)
+ scan Scan bucket permissions
+ dump Dump the contents of buckets
+</pre>
+
+## Support
+๐Ÿš€ If you've found this tool useful, please consider donating to support its development
+
+[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/B0B54D93O)
+
+## Installation
+
+```shell
+pip3 install s3scanner
+```
+
+or via Docker:
+
+```shell
+docker build . -t s3scanner:latest
+docker run --rm s3scanner:latest scan --bucket my-buket
+```
+
+or from source:
+
+```shell
+git clone git@github.com:sa7mon/S3Scanner.git
+cd S3Scanner
+pip3 install -r requirements.txt
+python3 -m S3Scanner
+```
+
+## Features
+
+* โšก๏ธ Multi-threaded scanning
+* ๐Ÿ”ญ Supports tons of S3-compatible APIs
+* ๐Ÿ•ต๏ธโ€โ™€๏ธ Scans all bucket permissions to find misconfigurations
+* ๐Ÿ’พ Dump bucket contents to a local folder
+* ๐Ÿณ Docker support
+
+## Examples
+
+* Scan AWS buckets listed in a file with 8 threads
+ ```shell
+ $ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
+ ```
+* Scan a bucket in Digital Ocean Spaces
+ ```shell
+ $ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
+ ```
+* Dump a single AWS bucket
+ ```shell
+ $ s3scanner dump --bucket my-bucket-to-dump
+ ```
+* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
+ ```shell
+ $ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
+ ```
+
+## S3-compatible APIs
+
+`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
+`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
+or `--insecure` arguments as well.
+
+Some services have different endpoints corresponding to different regions
+
+**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
+
+| Service | Example Endpoint | Address Style | Insecure ? |
+|---------|------------------|:-------------:|:----------:|
+| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
+| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
+| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
+| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
+| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
+
+๐Ÿ“š Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
+
+## Interpreting Results
+
+This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
+
+[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
+
+* Read - List and view all files
+* Write - Write files to bucket
+* Read ACP - Read all Access Control Policies attached to bucket
+* Write ACP - Write Access Control Policies to bucket
+* Full Control - All above permissions
+
+Any or all of these permissions can be set for the 2 main user groups:
+* Authenticated Users
+* Public Users (those without AWS credentials set)
+* Individual users/groups (out of scope of this tool)
+
+**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
+
+## Contributors
+* [Ohelig](https://github.com/Ohelig)
+* [vysecurity](https://github.com/vysecurity)
+* [janmasarik](https://github.com/janmasarik)
+* [alanyee](https://github.com/alanyee)
+* [klau5dev](https://github.com/klau5dev)
+* [hipotermia](https://github.com/hipotermia)
+
+## License
+
+MIT
+
+
+
+%package help
+Summary: Development documents and examples for S3Scanner
+Provides: python3-S3Scanner-doc
+%description help
+# S3Scanner
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Build Status](https://travis-ci.org/sa7mon/S3Scanner.svg?branch=master)](https://travis-ci.org/sa7mon/S3Scanner)
+
+A tool to find open S3 buckets and dump their contents๐Ÿ’ง
+
+<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
+
+## Usage
+<pre>
+usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
+
+s3scanner: Audit unsecured S3 buckets
+ by Dan Salmon - github.com/sa7mon, @bltjetpack
+
+optional arguments:
+ -h, --help show this help message and exit
+ --version Display the current version of this tool
+ --threads n, -t n Number of threads to use. Default: 4
+ --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
+ URL of S3-compliant API. Default: https://s3.amazonaws.com
+ --endpoint-address-style {path,vhost}, -s {path,vhost}
+ Address style to use for the endpoint. Default: path
+ --insecure, -i Do not verify SSL
+
+mode:
+ {scan,dump} (Must choose one)
+ scan Scan bucket permissions
+ dump Dump the contents of buckets
+</pre>
+
+## Support
+๐Ÿš€ If you've found this tool useful, please consider donating to support its development
+
+[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/B0B54D93O)
+
+## Installation
+
+```shell
+pip3 install s3scanner
+```
+
+or via Docker:
+
+```shell
+docker build . -t s3scanner:latest
+docker run --rm s3scanner:latest scan --bucket my-buket
+```
+
+or from source:
+
+```shell
+git clone git@github.com:sa7mon/S3Scanner.git
+cd S3Scanner
+pip3 install -r requirements.txt
+python3 -m S3Scanner
+```
+
+## Features
+
+* โšก๏ธ Multi-threaded scanning
+* ๐Ÿ”ญ Supports tons of S3-compatible APIs
+* ๐Ÿ•ต๏ธโ€โ™€๏ธ Scans all bucket permissions to find misconfigurations
+* ๐Ÿ’พ Dump bucket contents to a local folder
+* ๐Ÿณ Docker support
+
+## Examples
+
+* Scan AWS buckets listed in a file with 8 threads
+ ```shell
+ $ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
+ ```
+* Scan a bucket in Digital Ocean Spaces
+ ```shell
+ $ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
+ ```
+* Dump a single AWS bucket
+ ```shell
+ $ s3scanner dump --bucket my-bucket-to-dump
+ ```
+* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
+ ```shell
+ $ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
+ ```
+
+## S3-compatible APIs
+
+`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
+`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
+or `--insecure` arguments as well.
+
+Some services have different endpoints corresponding to different regions
+
+**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
+
+| Service | Example Endpoint | Address Style | Insecure ? |
+|---------|------------------|:-------------:|:----------:|
+| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
+| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
+| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
+| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
+| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
+
+๐Ÿ“š Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
+
+## Interpreting Results
+
+This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
+
+[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
+
+* Read - List and view all files
+* Write - Write files to bucket
+* Read ACP - Read all Access Control Policies attached to bucket
+* Write ACP - Write Access Control Policies to bucket
+* Full Control - All above permissions
+
+Any or all of these permissions can be set for the 2 main user groups:
+* Authenticated Users
+* Public Users (those without AWS credentials set)
+* Individual users/groups (out of scope of this tool)
+
+**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
+
+## Contributors
+* [Ohelig](https://github.com/Ohelig)
+* [vysecurity](https://github.com/vysecurity)
+* [janmasarik](https://github.com/janmasarik)
+* [alanyee](https://github.com/alanyee)
+* [klau5dev](https://github.com/klau5dev)
+* [hipotermia](https://github.com/hipotermia)
+
+## License
+
+MIT
+
+
+
+%prep
+%autosetup -n S3Scanner-2.0.2
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-S3Scanner -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 2.0.2-1
+- Package Spec generated
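Review bot: `Requires: python3-boto3` sits in the main package preamble, above `%package -n python3-S3Scanner`, while the only `%files` sections belong to `python3-S3Scanner` and `help`, so the runtime dependency is attached to the main package rather than to the subpackage that installs the code; move it under `%package -n python3-S3Scanner`. Separately, all three `%description` blocks paste the upstream README verbatim (badge images, an `<img>` tag, donation links, mis-encoded emoji); a few plain-text lines describing the tool would be enough, and `License: MIT License` would be better written as the SPDX identifier `MIT`. `Source0` also points at a third-party PyPI mirror rather than a location tied to the upstream in `URL:`, which is worth a comment explaining the choice or a switch to the canonical download URL.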
diff --git a/sources b/sources
new file mode 100644
index 0000000..df892ee
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+19104dc846a4f0b5bd8b8063acd5fb4b S3Scanner-2.0.2.tar.gz
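Review bot: the digest on the `sources` line is 32 hex digits, the length of an MD5 hash, and it is the only integrity check recorded here for a tarball that `Source0` fetches from a mirror. If the build tooling accepts it, record a SHA-256 or SHA-512 digest for `S3Scanner-2.0.2.tar.gz` instead, so a substituted archive cannot pass on a collision-prone hash.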