Skip to content

aramosf/s3openbuckets

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

S3OpenBuckets

Introduction

This repository collects information obtained after analyzing all internet(tm) searching for open Buckets of S3. To do this, I have downloaded the CommonCrawl WAT files and parsed the links, I have checked and listed the contents of those that were open. This analysis is similar to the one performed by Rapid7 in 2013.

For reference, some used files are published. If you want more and you are not a security porn star wannabe, I can share with you, ask by email with your gov email.

Conclusions

  • 5,738 open buckets were found from the 55,454 Buckets analyzed (10.3%).
  • More than open 40 buckets are used for black SEO
  • From the file list obtained (partial), more than 1,198PB are publicly available
  • File list have the name of 783M files inside.
  • The file with (partial) file list (ls -l) of openbuckets is 60Gb.
  • Not all files are private. There a tons of public files in open buckets.

Files

  • keywords.txt: post-exploitation file containing strings to search for interesting information.
  • s3AllBuckets.txt: list of all the buckets found in CommonCrawl files (55.454)
  • myOwns3dict.txt: dictionary created with the top100 most used names.

Tools

Updated list of the open buckets searching tools available:

Articles

Some articles listing major vulnerabilities and information about the problem:

Bounties reports

Bug bounties report list including Amazon’s opened buckets:

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published