%global _empty_manifest_terminate_build 0
Name: python-S3Scanner
Version: 2.0.2
Release: 1
Summary: Scan for open S3 buckets and dump the contents
License: MIT License
URL: https://github.com/sa7mon/S3Scanner
Source0: https://mirrors.nju.edu.cn/pypi/web/packages/7c/28/20af6edde8edee3e44cbaeaab0cbe0fb1dd64d9f613bd1f68b678cee944b/S3Scanner-2.0.2.tar.gz
BuildArch: noarch
Requires: python3-boto3
%description
# S3Scanner
[](https://opensource.org/licenses/MIT) [](https://travis-ci.org/sa7mon/S3Scanner)
A tool to find open S3 buckets and dump their contents๐ง
<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
## Usage
<pre>
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
s3scanner: Audit unsecured S3 buckets
by Dan Salmon - github.com/sa7mon, @bltjetpack
optional arguments:
-h, --help show this help message and exit
--version Display the current version of this tool
--threads n, -t n Number of threads to use. Default: 4
--endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
URL of S3-compliant API. Default: https://s3.amazonaws.com
--endpoint-address-style {path,vhost}, -s {path,vhost}
Address style to use for the endpoint. Default: path
--insecure, -i Do not verify SSL
mode:
{scan,dump} (Must choose one)
scan Scan bucket permissions
dump Dump the contents of buckets
</pre>
## Support
๐ If you've found this tool useful, please consider donating to support its development
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
[](https://ko-fi.com/B0B54D93O)
## Installation
```shell
pip3 install s3scanner
```
or via Docker:
```shell
docker build . -t s3scanner:latest
docker run --rm s3scanner:latest scan --bucket my-buket
```
or from source:
```shell
git clone git@github.com:sa7mon/S3Scanner.git
cd S3Scanner
pip3 install -r requirements.txt
python3 -m S3Scanner
```
## Features
* โก๏ธ Multi-threaded scanning
* ๐ญ Supports tons of S3-compatible APIs
* ๐ต๏ธโโ๏ธ Scans all bucket permissions to find misconfigurations
* ๐พ Dump bucket contents to a local folder
* ๐ณ Docker support
## Examples
* Scan AWS buckets listed in a file with 8 threads
```shell
$ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
```
* Scan a bucket in Digital Ocean Spaces
```shell
$ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
```
* Dump a single AWS bucket
```shell
$ s3scanner dump --bucket my-bucket-to-dump
```
* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
```shell
$ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
```
## S3-compatible APIs
`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
or `--insecure` arguments as well.
Some services have different endpoints corresponding to different regions
**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
| Service | Example Endpoint | Address Style | Insecure ? |
|---------|------------------|:-------------:|:----------:|
| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
๐ Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
## Interpreting Results
This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
* Read - List and view all files
* Write - Write files to bucket
* Read ACP - Read all Access Control Policies attached to bucket
* Write ACP - Write Access Control Policies to bucket
* Full Control - All above permissions
Any or all of these permissions can be set for the 2 main user groups:
* Authenticated Users
* Public Users (those without AWS credentials set)
* Individual users/groups (out of scope of this tool)
**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
## Contributors
* [Ohelig](https://github.com/Ohelig)
* [vysecurity](https://github.com/vysecurity)
* [janmasarik](https://github.com/janmasarik)
* [alanyee](https://github.com/alanyee)
* [klau5dev](https://github.com/klau5dev)
* [hipotermia](https://github.com/hipotermia)
## License
MIT
%package -n python3-S3Scanner
Summary: Scan for open S3 buckets and dump the contents
Provides: python-S3Scanner
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-pip
%description -n python3-S3Scanner
# S3Scanner
[](https://opensource.org/licenses/MIT) [](https://travis-ci.org/sa7mon/S3Scanner)
A tool to find open S3 buckets and dump their contents๐ง
<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
## Usage
<pre>
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
s3scanner: Audit unsecured S3 buckets
by Dan Salmon - github.com/sa7mon, @bltjetpack
optional arguments:
-h, --help show this help message and exit
--version Display the current version of this tool
--threads n, -t n Number of threads to use. Default: 4
--endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
URL of S3-compliant API. Default: https://s3.amazonaws.com
--endpoint-address-style {path,vhost}, -s {path,vhost}
Address style to use for the endpoint. Default: path
--insecure, -i Do not verify SSL
mode:
{scan,dump} (Must choose one)
scan Scan bucket permissions
dump Dump the contents of buckets
</pre>
## Support
๐ If you've found this tool useful, please consider donating to support its development
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
[](https://ko-fi.com/B0B54D93O)
## Installation
```shell
pip3 install s3scanner
```
or via Docker:
```shell
docker build . -t s3scanner:latest
docker run --rm s3scanner:latest scan --bucket my-buket
```
or from source:
```shell
git clone git@github.com:sa7mon/S3Scanner.git
cd S3Scanner
pip3 install -r requirements.txt
python3 -m S3Scanner
```
## Features
* โก๏ธ Multi-threaded scanning
* ๐ญ Supports tons of S3-compatible APIs
* ๐ต๏ธโโ๏ธ Scans all bucket permissions to find misconfigurations
* ๐พ Dump bucket contents to a local folder
* ๐ณ Docker support
## Examples
* Scan AWS buckets listed in a file with 8 threads
```shell
$ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
```
* Scan a bucket in Digital Ocean Spaces
```shell
$ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
```
* Dump a single AWS bucket
```shell
$ s3scanner dump --bucket my-bucket-to-dump
```
* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
```shell
$ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
```
## S3-compatible APIs
`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
or `--insecure` arguments as well.
Some services have different endpoints corresponding to different regions
**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
| Service | Example Endpoint | Address Style | Insecure ? |
|---------|------------------|:-------------:|:----------:|
| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
๐ Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
## Interpreting Results
This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
* Read - List and view all files
* Write - Write files to bucket
* Read ACP - Read all Access Control Policies attached to bucket
* Write ACP - Write Access Control Policies to bucket
* Full Control - All above permissions
Any or all of these permissions can be set for the 2 main user groups:
* Authenticated Users
* Public Users (those without AWS credentials set)
* Individual users/groups (out of scope of this tool)
**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
## Contributors
* [Ohelig](https://github.com/Ohelig)
* [vysecurity](https://github.com/vysecurity)
* [janmasarik](https://github.com/janmasarik)
* [alanyee](https://github.com/alanyee)
* [klau5dev](https://github.com/klau5dev)
* [hipotermia](https://github.com/hipotermia)
## License
MIT
%package help
Summary: Development documents and examples for S3Scanner
Provides: python3-S3Scanner-doc
%description help
# S3Scanner
[](https://opensource.org/licenses/MIT) [](https://travis-ci.org/sa7mon/S3Scanner)
A tool to find open S3 buckets and dump their contents๐ง
<img src="https://user-images.githubusercontent.com/3712226/115632654-d4f8c280-a2cd-11eb-87ee-c70bbd4f1edb.png" width="85%"/>
## Usage
<pre>
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...
s3scanner: Audit unsecured S3 buckets
by Dan Salmon - github.com/sa7mon, @bltjetpack
optional arguments:
-h, --help show this help message and exit
--version Display the current version of this tool
--threads n, -t n Number of threads to use. Default: 4
--endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
URL of S3-compliant API. Default: https://s3.amazonaws.com
--endpoint-address-style {path,vhost}, -s {path,vhost}
Address style to use for the endpoint. Default: path
--insecure, -i Do not verify SSL
mode:
{scan,dump} (Must choose one)
scan Scan bucket permissions
dump Dump the contents of buckets
</pre>
## Support
๐ If you've found this tool useful, please consider donating to support its development
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XG5BGLQZPJ9H8)
[](https://ko-fi.com/B0B54D93O)
## Installation
```shell
pip3 install s3scanner
```
or via Docker:
```shell
docker build . -t s3scanner:latest
docker run --rm s3scanner:latest scan --bucket my-buket
```
or from source:
```shell
git clone git@github.com:sa7mon/S3Scanner.git
cd S3Scanner
pip3 install -r requirements.txt
python3 -m S3Scanner
```
## Features
* โก๏ธ Multi-threaded scanning
* ๐ญ Supports tons of S3-compatible APIs
* ๐ต๏ธโโ๏ธ Scans all bucket permissions to find misconfigurations
* ๐พ Dump bucket contents to a local folder
* ๐ณ Docker support
## Examples
* Scan AWS buckets listed in a file with 8 threads
```shell
$ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
```
* Scan a bucket in Digital Ocean Spaces
```shell
$ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
```
* Dump a single AWS bucket
```shell
$ s3scanner dump --bucket my-bucket-to-dump
```
* Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
```shell
$ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
```
## S3-compatible APIs
`S3Scanner` can scan and dump buckets in S3-compatible APIs services other than AWS by using the
`--endpoint-url` argument. Depending on the service, you may also need the `--endpoint-address-style`
or `--insecure` arguments as well.
Some services have different endpoints corresponding to different regions
**Note:** `S3Scanner` currently only supports scanning for anonymous user permissions of non-AWS services
| Service | Example Endpoint | Address Style | Insecure ? |
|---------|------------------|:-------------:|:----------:|
| DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
| Dreamhost | https://objects.dreamhost.com | vhost | Yes |
| Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
| Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
| Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
๐ Current status of non-AWS APIs can be found [in the project wiki](https://github.com/sa7mon/S3Scanner/wiki/S3-Compatible-APIs)
## Interpreting Results
This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
[Possible permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html) for buckets:
* Read - List and view all files
* Write - Write files to bucket
* Read ACP - Read all Access Control Policies attached to bucket
* Write ACP - Write Access Control Policies to bucket
* Full Control - All above permissions
Any or all of these permissions can be set for the 2 main user groups:
* Authenticated Users
* Public Users (those without AWS credentials set)
* Individual users/groups (out of scope of this tool)
**What this means:** Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
## Contributors
* [Ohelig](https://github.com/Ohelig)
* [vysecurity](https://github.com/vysecurity)
* [janmasarik](https://github.com/janmasarik)
* [alanyee](https://github.com/alanyee)
* [klau5dev](https://github.com/klau5dev)
* [hipotermia](https://github.com/hipotermia)
## License
MIT
%prep
%autosetup -n S3Scanner-2.0.2
%build
%py3_build
%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .
%files -n python3-S3Scanner -f filelist.lst
%dir %{python3_sitelib}/*
%files help -f doclist.lst
%{_docdir}/*
%changelog
* Wed May 31 2023 Python_Bot <Python_Bot@openeuler.org> - 2.0.2-1
- Package Spec generated