Implement Bucketnamelist

abuvanth · Aug 30, 2019 · b8449a0 · b8449a0
1 parent b54ecd5
commit b8449a0
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 13 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/README.md b/README.md
@@ -1,14 +1,23 @@
 # kicks3
-S3 bucket finder from html,js and bucket misconfiguration testing tool
+
+S3 bucket finder from html,js and bucket misconfiguration testing tool.
+
+Currently this tool check three testcases
+
+1. Object listing for Unauthenticated users
+
+2. Object listing for Authenticated users
+
+3. Public writable for all aws users
 
 pip install awscli
 
 aws configure
 
+### get your aws keys from aws console
 
 # Installation
 
-
 pip install kick-s3
 
 
@@ -18,28 +27,37 @@ git clone https://github.com/abuvanth/kicks3.git
 
 cd kicks3
 
-pip install -r requirements.txt
+python setup.py install
 
 ## Usage
 
 # single target
 
-python kicks3.py -u http://target
+ kicks3.py -u http://target
+
+ this will looking for s3 buckets in html and javascript files.
 
-# list of target 
+# Single Bucket 
 
-python kicks3.py -u http://target -l sitelist.txt
+ kicks3.py -b bucketname
+
+ test single bucket name
 
-# authenticated page
+# Bucket list
 
+ kicks3.py -bl bucketnamelist.txt
 
-python kicks3.py -u http://target -c 'cookievalues'
+# list of websites 
 
+ kicks3.py -u http://target -l sitelist.txt
+
+# authenticated page
 
+ kicks3.py -u http://target -c 'cookievalues'
 
 # subdomains
 
-python kicks3.py -u target.com -s 1
+ kicks3.py -u target.com -s 1
 
 
 # Use kicks3 as a module
@@ -55,7 +73,7 @@ for result in scan_result:
     print(result)#bucketname(testname),listable_for_unauth_users(true or false),listable_auth_users(true or false),writable(true or false)
 ```
 
-# buckets from textfile
+# buckets from text file
 
 ```
 import kicks3

diff --git a/kicks3/kicks3.py b/kicks3/kicks3.py
@@ -134,12 +134,13 @@ def finds3(sitelist,cookies='',sub=0):
    ap = argparse.ArgumentParser()
    ap.add_argument("-u", "--url", required=False,help="Please enter target Url start with http or https")
    ap.add_argument("-b", "--bucket", required=False,help="Please enter Bucketname")
+   ap.add_argument("-bl", "--bucketlist", required=False,help="Bucketname List")
    ap.add_argument("-c", "--cookie", required=False,help="Paste ur cookie values for authentication purpose")
    ap.add_argument("-l", "--list", required=False,help="list of sites for testing Eg. sitelist.txt")
    ap.add_argument("-s", "--subdomain", required=False,help=" True or False")
    args = vars(ap.parse_args())
-   if args['url']==None and args['bucket']==None:
-      print('please give input like bucketname or url')
+   if args['url']==None and args['bucket']==None and args['bucketlist']==None:
+      print('please give input like -b bucketname  or -u url or -bl bucketnamelist.txt')
       exit()
    sitelist=[]
    cookies=''
@@ -158,6 +159,10 @@ def finds3(sitelist,cookies='',sub=0):
          print(results[0])
    if args['bucket']:
       results=scan_s3(args['bucket'],silent=True)
+   if args['bucketlist']:
+      bucket_list=open(args['bucketlist'],'r').readlines()
+      results=scan_s3(bucket_list,silent=True)
+
    for i in results:
        print("Bucket name: "+i[0])
        if i[1]:

diff --git a/setup.py b/setup.py
@@ -12,7 +12,7 @@
         install_requires = f.read().splitlines()
 setuptools.setup(
     name="kick-s3",
-    version="2.0.1",
+    version="2.0.2",
     author="Syed Abuthahir",
     author_email="developerabu@gmail.com",
     description="Recon tool",