2022-5-29-Update-Info

感谢各位大佬的star和支持
add
1、add Aws S3 Bucket Core（新增AWS存储桶检测功能）
Fix
1、The function to save detection results to CSV is moved to config/conf.py（将检测结果CSV保存功能移至config/conf.py）
2、Fix boto3 error（修复Boto3报错问题）
3、Change the problem that some documents are not clear（更新部分文档内容不清晰的问题）

README.en.md

@@ -1,10 +1,29 @@
 # :rooster:0x00 Preface
 
-Want to write a storage bucket utilization, first draw a pie for yourself
+![image-20220529132925098](images/image-20220529132925098.png)
+
+> March 7, 2022
+>
+> I think the documentation is not very clear, wait for the time to update the full documentation of the use of tutorials
+> March 8, 2022
+>
+> May 29, 2022
+>
+> 1. updated the aws storage bucket detection feature
+>
+> 2. feel that the update is a bit slow, this is a busy time, in fact, the new local version is written, has not been push
+
+**Using tutorial**: [Using tutorial](使用教程.md)
+
+**Language**
+
+English README: [English](README.en.md)
+
+I want to write a storage bucket utilization, first draw a pie for myself
 
 + Aliyun Cloud (Aliyun Cloud Oss)
 + Tencent Cloud COS
-+ Huawei Cloud OBS
++ Huawei Cloud (HuaWei Cloud OBS)
 + AWS (Amazon S3 Bucket)
 + Azure (Azure Blob)
 + GCP (Google Cloud Bucket)
@@ -19,14 +38,16 @@ If you think it works fine, you can raise an issue to give the tool a name? :sos
 
 Not too good with Git, code writing also sucks, there are bugs directly mention Issue can (as if I may not even use issue to understand)
 
-> good in the second master to my recommended GitHub Desktop second master YYDS
+> Good thing the second master recommended to me GitHub Desktop second master YYDS
+
+2, AWS storage bucket use
 
 # :pill:0x01 dependency
 
 + pip3 install oss2
 + pip3 install colorlog
-+ pip3 install logging
 + pip3 install argparse
++ pip3 install boto3
 
 # :gun:0x02 Usage
 
@@ -41,64 +62,74 @@ Then write your own Aliyun AK in config/conf.py, the role is as follows
 
 2, used to verify the legitimate user
 
-
-![image-20220304184757595](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304184757595.png)
+![image-20220304184757595](images/UzJuMarkDownImageimage-20220304184757595.png)
 
 ## 1. When storage bucket Policy permission is available
-![image-20220304185015693](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304185015693.png)
+
+![images/20220304185015693](images/UzJuMarkDownImageimage-20220304185015693.png)
 
 ## 2. When the storage bucket does not exist (automatically created and hijacked)
-![image-20220304185434168](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304185434168.png)
 
-## 3、Batch detection of storage bucket
+![image](images/156925718-9a3dc236-0ef6-4afa-8d26-a2946fe876b2.png)
+
+## 3、Batch detection of storage buckets
+
+New detection function of batch storage bucket, recommend fofa to export all assets with one click
 
-New detection function of batch storage bucket, recommend fofa to export all assets in one click
 **fofa**
 
 ```bash
 domain="aliyuncs.com"
-server="AliyunOSS"domain="aliyuncs.com" #This syntax is not recommended
+server="AliyunOSS" domain="aliyuncs.com" #This syntax is not recommended
 ```
 
 ```bash
-python3 main.py -f filepath
+python3 main.py -f aws/aliyun filepath
+
+# For example
+python3 main.py -f aws . /url.tx\\\\\\\``````````````````````````````````````````````````````````````````````````
 ```
-Then just wait, the scan results will be in the results directory, the file name is the date of the day
-![image-20220306211140577](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211140577.png)
 
-![image-20220306211025275](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211025275.png)
+Then just wait, the scan results will be in the results directory with the date of the day as the filename
+
+![image](images/156925744-3c012b86-6449-4cf1-a790-b2c1282f76bd.png)
+
+![image](images/156925758-36a8fcba-8bc8-4d1a-8863-d8110dbe0b71.png)
+
 Only buckets that have permission to operate will be saved
-![image-20220306211225341](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211225341.png)
-Enter the storage bucket address to automatically detect, the function is as follows
+![image](images/156925766-15d415d3-d573-4b54-ab0f-5c79bc1966ad.png)
+
+Input the storage bucket address to detect automatically, the function is as follows
 
-+ 1. Detect whether the current bucket can be hijacked
++ 1. detect whether the current bucket can be hijacked
   + If it can be hijacked, automatically create a bucket with the same name on the AK account written in the config and open all permissions
 + 2. detect whether the current bucket can list Object
 + 3. Check if the current bucket can get ACL
 + 4、Check if the current bucket can get Policy policy table
 + 5、Detect whether the bucket can upload Objects
 + 6、Batch detection function
 
-## 4, domain name detection function
+## 4、Domain name detection function
 
-Many storage buckets have resolved the domain name, the new judgment of the CNAME of the domain name, and then take the CNAME to detect
+Many storage buckets have resolved the domain name, the new judgment of the domain name CNAME, and then take the CNAME to detect
 
-**can now directly import a large number of domain name assets for detection, will automatically determine the CNAME of the domain name **
+** can now directly import a large number of domain name assets for detection, will automatically determine the CNAME of the domain name **
+
+![image-20220307231827585](images/UzJuMarkDownImageimage-20220307231827585.png)
 
-![image-20220307231827585](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220307231827585.png)
 # 0x03 Ali cloud storage bucket utilization
 
-### 1、Implementation idea
+### 1、Implementation ideas
 
 First implement the `OssBucketCheckFromSDK` class
 
 + AliyunOssBucketDoesBucketExist
 
-  + AliyunOssBucketDoesBucketExist is used to determine whether the current storage bucket exists, first if the bucket exists then return a True, continue with the following process, if the bucket does not exist, then call the OssBucketExploitFromSDK class, create the bucket, and set ACL permissions, upload access policy, then upload a file for verification, if the bucket exists at this time or AccessDenied, continue with the following process
+  + AliyunOssBucketDoesBucketExist is used to determine whether the current bucket exists, first if the bucket exists then return a True, continue with the following process, if the bucket does not exist, then call the OssBucketExploitFromSDK class, create the bucket, and set ACL permissions, upload access policy, then upload a file for verification, if the bucket exists at this time or AccessDenied, continue with the following process
 
 + AliyunOssGetBucketObjectList
 
-  + determine if the contents of the bucket can be traversed, if so, the first 3 contents will be selected for traversal and displayed
+  + determine if the contents of the bucket can be traversed, and if so, the first 3 contents will be selected for traversal and displayed
 
     > If you want to iterate through more content, you can check the AliyunOssGetBucketObjectList method in aliyunOss.py
 
@@ -114,22 +145,61 @@ First implement the `OssBucketCheckFromSDK` class
 
   + Try to upload a file, whether it can be successfully uploaded
 
+# 0x04 Aws storage bucket utilization
+
+```bash
+python3 main.py -aws xxxx
+```
+
+![image-20220529094124272](images/image-20220529094124272.png)
+
+# 0x05 Explanation of the results file after use
+
+You can see the problematic bucket in the results directory
+
+![image-20220529134339645](images/image-20220529134339645.png)
+
+1, ListObject means the contents of the bucket can be listed
+
+2、PutObject means that the bucket can upload any file
+
+3、NoSuchBucket means the bucket can be taken over
+
+4、GetBucketACL means you can get the ACL of the bucket
+
+5、GetBucketPolicy means you can get the policy configuration of the bucket
+
 # :older_man:0x040001 Update Log
 
 **March 6, 2022**
 
 + Add batch scan function
-+ Fix the problem of Fake_UserAgent reporting errors
++ Fix the Fake_UserAgent error reporting problem
 
 > actually just delete this library, don't use it ^ ^
 
 **March 7, 2022**
 
-+ New Domain Name Detection
++ Added domain detection
+
+**May 29, 2022**
+
+- Added AWS storage bucket scan
+
 # :cop:0xffffffff Disclaimer
 
 Disclaimers
 
-1、This tool is only for academic exchange, it is forbidden to use the tool to do illegal things
+1、This tool is for academic exchange only, it is forbidden to use the tool to do illegal things
 
 2, just writing for fun
+
+3、My WeChat
+
+> If you have a better suggestion or make a friend
+
+![image](images/157070417-dbb7886f-1bb8-412f-a30b-0f85bc8ffa10.png)
+
+# Curve chart
+
+[![Stargazers over time](https://starchart.cc/UzJu/Cloud-Bucket-Leak-Detection-Tools.svg)](https://starchart.cc/UzJu/Cloud-Bucket-Leak-Detection-Tools)

README.md

@@ -1,9 +1,17 @@
 # :rooster:0x00 前言
 
+![image-20220529132925098](images/image-20220529132925098.png)
+
 > 2022年3月7日
 >
 > 我觉得文档写的还不是很清楚，等有空更新一下文档完整的使用教程
 > 2022年3月8日
+>
+> 2022年5月29日
+>
+> 1、更新了aws存储桶检测功能
+>
+> 2、感觉更新有些慢了，这段时间比较忙，其实本地的新版本写好了，一直没有push
 
 **使用教程**: [使用教程](使用教程.md)
 
@@ -32,11 +40,14 @@ English README: [English](README.en.md)
 
 > 好在二爷给我推荐的GitHub Desktop 二爷YYDS
 
+2、AWS存储桶利用
+
 # :pill:0x01 依赖
 
 + pip3 install oss2
 + pip3 install colorlog
 + pip3 install argparse
++ pip3 install boto3
 
 # :gun:0x02 使用方法
 
@@ -45,21 +56,21 @@ git clone https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools.git
 python3 main.py -h
 ```
 
-随后在config/conf.py中写入自己的阿里云AK，作用如下
+随后在config/conf.py中写入自己的AK，作用如下
 
 1、如果可以劫持，会用该AK创建同名的存储桶
 
 2、用来验证合法用户
 
-![image-20220304184757595](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304184757595.png)
+![image-20220304184757595](images/UzJuMarkDownImageimage-20220304184757595.png)
 
 ## 1、当存储桶Policy权限可获取时
 
-![image-20220304185015693](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304185015693.png)
+![image-20220304185015693](images/UzJuMarkDownImageimage-20220304185015693.png)
 
 ## 2、当存储桶不存在时(自动创建并劫持)
 
-![image](https://user-images.githubusercontent.com/50813806/156925718-9a3dc236-0ef6-4afa-8d26-a2946fe876b2.png)
+![image](images/156925718-9a3dc236-0ef6-4afa-8d26-a2946fe876b2.png)
 
 ## 3、批量检测存储桶
 
@@ -73,17 +84,20 @@ server="AliyunOSS"domain="aliyuncs.com" #不推荐该语法
 ```
 
 ```bash
-python3 main.py -f filepath
+python3 main.py -f aws/aliyun filepath
+
+# 例如
+python3 main.py -f aws ./url.tx\\\\\\\``````````````````````````````````````````````````````````````````````````
 ```
 
 随后等待即可，扫描结果会在results目录下，文件名为当天的日期
 
-![image](https://user-images.githubusercontent.com/50813806/156925744-3c012b86-6449-4cf1-a790-b2c1282f76bd.png)
+![image](images/156925744-3c012b86-6449-4cf1-a790-b2c1282f76bd.png)
 
-![image](https://user-images.githubusercontent.com/50813806/156925758-36a8fcba-8bc8-4d1a-8863-d8110dbe0b71.png)
+![image](images/156925758-36a8fcba-8bc8-4d1a-8863-d8110dbe0b71.png)
 
 只会保存有权限操作的存储桶
-![image](https://user-images.githubusercontent.com/50813806/156925766-15d415d3-d573-4b54-ab0f-5c79bc1966ad.png)
+![image](images/156925766-15d415d3-d573-4b54-ab0f-5c79bc1966ad.png)
 
 输入存储桶地址即可自动检测，功能如下
 
@@ -101,7 +115,7 @@ python3 main.py -f filepath
 
 **现在可以直接导入大量域名资产来进行检测，会自动判断域名的CNAME**
 
-![image-20220307231827585](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220307231827585.png)
+![image-20220307231827585](images/UzJuMarkDownImageimage-20220307231827585.png)
 
 # 0x03 阿里云存储桶利用
 
@@ -131,7 +145,29 @@ python3 main.py -f filepath
 
   + 尝试上传一个文件，是否可以成功上传
 
+# 0x04 Aws存储桶利用
+
+```bash
+python3 main.py -aws xxxx
+```
+
+![image-20220529094124272](images/image-20220529094124272.png)
 
+# 0x05 利用后results文件解释
+
+在results目录下可以看到存在问题的存储桶
+
+![image-20220529134339645](images/image-20220529134339645.png)
+
+1、ListObject 代表该存储桶的内容可以列出来
+
+2、PutObject 代表该存储桶可以上传任意的文件
+
+3、NoSuchBucket 代表该存储桶可以接管
+
+4、GetBucketACL 代表可以获取该存储桶的ACL
+
+5、GetBucketPolicy  代表可以获取该存储桶的策略配置
 
 # :older_man:0x040001 更新日志
 
@@ -146,6 +182,10 @@ python3 main.py -f filepath
 
 + 新增域名检测
 
+**2022年5月29日**
+
+- 新增AWS存储桶扫描
+
 # :cop:0xffffffff 免责声明
 
 免责声明
@@ -158,7 +198,7 @@ python3 main.py -f filepath
 
 > 如果你有更好的建议或者交个朋友
 
-![image](https://user-images.githubusercontent.com/50813806/157070417-dbb7886f-1bb8-412f-a30b-0f85bc8ffa10.png)
+![image](images/157070417-dbb7886f-1bb8-412f-a30b-0f85bc8ffa10.png)
 
 # 曲线图
 

config/conf.py

@@ -12,13 +12,39 @@
 # headers = {
 #     "UserAgent": UA.random
 # }
+import os
+import datetime
+import csv
+
+NowTime = datetime.datetime.now().strftime('%Y-%m-%d')
 """
 2022年3月6日 16:55
 部分用户反馈该库存在报错的问题，故此目前删除该库
 最开始使用该库是因为想用HTTP的方式实现功能，所以使用了fake_useragent
 现在实现的方式是直接调SDK所以不需要这个Fake_useragent了
 """
 
+# aliyun
 AliyunAccessKey_ID = ""
 AliyunAccessKey_Secret = ""
 
+# aws
+AWS_ACCESS_KEY = ''
+AWS_SECRET_KEY = ''
+
+
+def save_results(target, info):
+    headers = ['存储桶地址', '权限']
+    filepath = f'{os.getcwd()}/results/{NowTime}.csv'
+    rows = [
+        [f"{target}", info]
+    ]
+    if not os.path.isfile(filepath):
+        with open(filepath, 'a+', newline='') as f:
+            f = csv.writer(f)
+            f.writerow(headers)
+            f.writerows(rows)
+    else:
+        with open(filepath, 'a+', newline='') as f:
+            f_csv = csv.writer(f)
+            f_csv.writerows(rows)