xs3scann3r is a command-line interface (CLI) utility to scan S3 bucket permissions.
- Scans all bucket permissions to find misconfigurations
Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser, or copy its URL and retrieve it with wget or curl:
- ...with wget:
wget https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz
- ...or, with curl (the -L flag is needed because GitHub serves release assets through a redirect):
curl -OL https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz
...then, extract the binary:
tar xf xs3scann3r-<version>-linux-amd64.tar.gz
TIP: The two steps above, download and extract, can be combined into a single one-liner:
curl -sL https://github.com/hueristiq/xs3scann3r/releases/download/v<version>/xs3scann3r-<version>-linux-amd64.tar.gz | tar -xzv
NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xs3scann3r executable.
...then move the xs3scann3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xs3scann3r /usr/local/bin/
NOTE: Windows users can follow "How to: Add Tool Locations to the PATH Environment Variable" in order to add xs3scann3r to their PATH.
Before you install from source, make sure that Go is installed on your system. You can install Go by following the official instructions for your operating system. The steps below assume that Go is already installed.
To install the latest tagged version directly with go install:
go install -v github.com/hueristiq/xs3scann3r/cmd/xs3scann3r@latest
Alternatively, to build the development version from a clone of the repository:
- Clone the repository
git clone https://github.com/hueristiq/xs3scann3r.git
- Build the utility
cd xs3scann3r/cmd/xs3scann3r && go build .
- Move the xs3scann3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xs3scann3r /usr/local/bin/
NOTE: Windows users can follow "How to: Add Tool Locations to the PATH Environment Variable" in order to add xs3scann3r to their PATH.
NOTE: While the development version is a good way to take a peek at xs3scann3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.
NOTE: To use this tool, awscli must be installed and configured. Keep in mind that results depend on the identity awscli is configured with: S3 grants to the AuthenticatedUsers group apply to any valid AWS credentials but not to anonymous requests.
To display the help message for xs3scann3r, use the -h flag:
xs3scann3r -h
help message:
_____ _____
__ _____|___ / ___ ___ __ _ _ __ _ __ |___ / _ __
\ \/ / __| |_ \/ __|/ __/ _` | '_ \| '_ \ |_ \| '__|
> <\__ \___) \__ \ (_| (_| | | | | | | |___) | |
/_/\_\___/____/|___/\___\__,_|_| |_|_| |_|____/|_| v0.0.0
A CLI utility to scan S3 buckets permissions.
USAGE:
xs3scann3r [OPTIONS]
INPUT:
-i, --input input file (use `-` to get from stdin)
CONFIGURATIONS:
-c, --concurrency number of concurrent threads (default: 10)
-d, --dump location to dump objects
OUTPUT:
-m, --monochrome disable output content coloring
-v, --verbosity debug, info, warning, error, fatal or silent (default: info)
xs3scann3r takes buckets in any of the following formats:
- Name, e.g. flaws.cloud
- URL style, e.g. s3://flaws.cloud
- Path style, e.g. https://s3.amazonaws.com/flaws.cloud
- Virtual Hosted style, e.g. flaws.cloud.s3.amazonaws.com
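A helper for producing the input file from mixed-format references, added here as an example and not part of xs3scann3r itself: it normalizes each of the four forms above to the bare bucket name, so that a list collected from JavaScript, DNS records or logs can be de-duplicated and fed to -i. Beyond the four forms listed, it also accepts an http:// scheme, regional endpoints (s3.<region>.amazonaws.com and s3-<region>.amazonaws.com) and trailing object paths; that generalization and the bucket-name syntax check are the example's own assumptions, not behaviour documented for the tool.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
)

// Bucket-name syntax (assumption for this example): 3-63 characters of
// lowercase letters, digits, dots and hyphens, starting and ending with a
// letter or digit. Dots are allowed because names like flaws.cloud use them.
var bucketNameRe = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)

// isS3Endpoint reports whether host is an S3 service endpoint:
// s3.amazonaws.com, s3.<region>.amazonaws.com or s3-<region>.amazonaws.com.
func isS3Endpoint(host string) bool {
	if !strings.HasSuffix(host, ".amazonaws.com") {
		return false
	}
	first, _, _ := strings.Cut(host, ".")
	return first == "s3" || strings.HasPrefix(first, "s3-")
}

// NormalizeBucket reduces a bucket reference in any of the accepted forms
// (bare name, s3:// URL, path style, virtual-hosted style) to the bare
// bucket name. Schemes and trailing paths are stripped first.
func NormalizeBucket(raw string) (string, error) {
	s := strings.TrimSpace(raw)
	if s == "" {
		return "", errors.New("empty input")
	}
	for _, scheme := range []string{"s3://", "https://", "http://"} {
		if strings.HasPrefix(strings.ToLower(s), scheme) {
			s = s[len(scheme):]
			break
		}
	}
	// Separate the host part from any trailing path (bucket/key or host/bucket/key).
	host, path, _ := strings.Cut(s, "/")
	host = strings.ToLower(host)
	path = strings.Trim(path, "/")

	var name string
	switch {
	case isS3Endpoint(host):
		// Path style: the bucket is the first path segment after the endpoint.
		name, _, _ = strings.Cut(path, "/")
	case strings.HasSuffix(host, ".amazonaws.com"):
		// Virtual-hosted style: the bucket is everything before the ".s3..." endpoint suffix.
		idx := strings.LastIndex(host, ".s3")
		if idx <= 0 || !isS3Endpoint(host[idx+1:]) {
			return "", fmt.Errorf("unrecognised amazonaws host %q", host)
		}
		name = host[:idx]
	default:
		// Bare name or s3:// URL: the host component is the bucket.
		name = host
	}
	if !bucketNameRe.MatchString(name) {
		return "", fmt.Errorf("%q is not a valid bucket name", name)
	}
	return name, nil
}

func main() {
	// Read one reference per line on stdin and print canonical names, one per
	// line, in the form xs3scann3r's -i option accepts; bad lines go to stderr.
	sc := bufio.NewScanner(os.Stdin)
	for sc.Scan() {
		name, err := NormalizeBucket(sc.Text())
		if err != nil {
			fmt.Fprintln(os.Stderr, "skip:", err)
			continue
		}
		fmt.Println(name)
	}
}
```

Typical use is to pipe the normalized, de-duplicated list straight into the scanner: printf 's3://flaws.cloud\nflaws.cloud.s3.amazonaws.com\n' | go run normalize.go | sort -u | xs3scann3r -i -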
Possible permissions for buckets:
- Read - List and view all files
- Write - Write files to the bucket
- Read ACP - Read the access control policy (the bucket ACL)
- Write ACP - Write the access control policy (the bucket ACL); note that this permission alone lets a grantee rewrite the ACL and grant themselves Full Control
- Full Control - All of the above permissions
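Because the tool relies on awscli, the permission classes above correspond to the READ, WRITE, READ_ACP, WRITE_ACP and FULL_CONTROL values S3 uses in bucket ACLs. As an added example (not the project's own code), the following Go program reads the JSON that aws s3api get-bucket-acl --bucket <name> prints and reports which of those permissions are granted to the public grantee groups AllUsers and AuthenticatedUsers, expanding FULL_CONTROL into the four concrete permissions so that a Full Control grant is not mistaken for a single finding. The sample ACL document is constructed, and the type and function names are the example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"sort"
)

// ACL is the subset of `aws s3api get-bucket-acl` output this example needs;
// unknown fields such as Owner are ignored by encoding/json.
type ACL struct {
	Grants []struct {
		Grantee struct {
			Type string `json:"Type"`
			URI  string `json:"URI,omitempty"`
			ID   string `json:"ID,omitempty"`
		} `json:"Grantee"`
		Permission string `json:"Permission"`
	} `json:"Grants"`
}

// Predefined S3 group URIs that make a grant public (AllUsers) or visible to
// every AWS account (AuthenticatedUsers).
const (
	allUsersURI           = "http://acs.amazonaws.com/groups/global/AllUsers"
	authenticatedUsersURI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
)

// FULL_CONTROL is shorthand for these four permissions.
var fullControlExpands = []string{"READ", "WRITE", "READ_ACP", "WRITE_ACP"}

// PublicPermissions returns, for each public group that appears in the ACL,
// the sorted set of effective permissions (FULL_CONTROL already expanded).
// Canonical-user grants and service groups such as LogDelivery are skipped.
func PublicPermissions(aclJSON []byte) (map[string][]string, error) {
	var acl ACL
	if err := json.Unmarshal(aclJSON, &acl); err != nil {
		return nil, fmt.Errorf("parse ACL: %w", err)
	}
	found := map[string]map[string]bool{}
	for _, g := range acl.Grants {
		if g.Grantee.Type != "Group" {
			continue
		}
		var who string
		switch g.Grantee.URI {
		case allUsersURI:
			who = "AllUsers"
		case authenticatedUsersURI:
			who = "AuthenticatedUsers"
		default:
			continue
		}
		if found[who] == nil {
			found[who] = map[string]bool{}
		}
		if g.Permission == "FULL_CONTROL" {
			for _, p := range fullControlExpands {
				found[who][p] = true
			}
		} else {
			found[who][g.Permission] = true
		}
	}
	out := map[string][]string{}
	for who, perms := range found {
		for p := range perms {
			out[who] = append(out[who], p)
		}
		sort.Strings(out[who])
	}
	return out, nil
}

// sampleACL is a constructed document shaped like get-bucket-acl output:
// the owner has FULL_CONTROL, everyone can READ, any AWS account has
// FULL_CONTROL, and the LogDelivery service group can WRITE.
const sampleACL = `{
  "Owner": {"ID": "owner-canonical-id-placeholder"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"}, "Permission": "WRITE"}
  ]
}`

func main() {
	// With a file argument, read a saved get-bucket-acl result; otherwise use the sample.
	data := []byte(sampleACL)
	if len(os.Args) > 1 {
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
	perms, err := PublicPermissions(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, who := range []string{"AllUsers", "AuthenticatedUsers"} {
		if p, ok := perms[who]; ok {
			fmt.Printf("%s: %v\n", who, p)
		}
	}
}
```

To check a real bucket, save the ACL first and pass the file: aws s3api get-bucket-acl --bucket flaws.cloud > acl.json && go run acl.go acl.json. Any WRITE or WRITE_ACP entry under AllUsers or AuthenticatedUsers is the finding to prioritise, since either lets an outsider alter the bucket's contents or its ACL.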
Issues and Pull Requests are welcome! Check out the contribution guidelines.
This utility is distributed under the MIT license