Sourcery Starbot ⭐ refactored Explorare/Cloud-Bucket-Leak-Detection-Tools #1
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -36,14 +36,14 @@ def aliyun(target): | |
| aliyun_print_table_header = pt.PrettyTable( | ||
| ['Bucket', 'BucketHijack', 'GetBucketObjectList', 'PutBucketObject', 'GetBucketAcl', 'PutBucketAcl', | ||
| 'GetBucketPolicy']) | ||
|
There was a problem hiding this comment. Function
|
||
| get_domain = urllib.parse.urlparse(target).netloc | ||
| if get_domain == "": | ||
| get_target_list = target.split('.') | ||
| aliyunOss_Check_init = aliyunOss.Aliyun_Oss_Bucket_Check(target=get_target_list[0], | ||
| location=get_target_list[1]) | ||
| aliyunOss_Exploit_init = aliyunOss.Aliyun_Oss_Bucket_Exploit(target=get_target_list[0], | ||
| location=get_target_list[1]) | ||
| aliyun_scan_results = {} | ||
| if aliyunOss_Check_init.Aliyun_Oss_BucketDoesBucketExist(): | ||
| logger.log("INFOR", f"{target}> 当前存储桶不存在, 尝试劫持存储桶") | ||
| if aliyunOss_Exploit_init.Aliyun_Oss_CreateBucket_Exp(): | ||
|
|
@@ -53,45 +53,46 @@ def aliyun(target): | |
| aliyunOss_Exploit_init.Aliyun_Oss_PutBucketPolicy_Exp() | ||
| aliyunOss_Exploit_init.Aliyun_Oss_GetBucketPolicy_Exp() | ||
| aliyunOss_Exploit_init.Aliyun_Oss_PutBucketAcl_Exp() | ||
| aliyun_scan_results["BucketDoesBucketExist"] = "true" | ||
| else: | ||
| aliyun_scan_results["BucketDoesBucketExist"] = "false" | ||
| if aliyunOss_Check_init.Aliyun_Oss_GetBucketObject_List(): | ||
| logger.log("INFOR", f"{target}> 存储桶对象可遍历") | ||
| aliyun_scan_results["GetBucketObject"] = "true" | ||
| else: | ||
| logger.log("ALERT", f"{target}> 存储桶对象不可遍历") | ||
| aliyun_scan_results["GetBucketObject"] = "false" | ||
|
|
||
| if aliyunOss_Check_init.Aliyun_Oss_PutBucketObject(): | ||
| logger.log("INFOR", f"{target}> 可未授权上传对象至存储桶(可导致覆盖已有对象)") | ||
| aliyun_scan_results["PutBucketObject"] = "true" | ||
| else: | ||
| logger.log("ALERT", f"{target}> 不可未授权上传对象至存储桶") | ||
| aliyun_scan_results["PutBucketObject"] = "false" | ||
|
|
||
| if aliyunOss_Check_init.Aliyun_Oss_GetBucketAcl(): | ||
| logger.log("INFOR", f"{target}> 可公开访问存储桶ACL策略") | ||
| aliyun_scan_results["GetBucketAcl"] = "true" | ||
| else: | ||
| logger.log("ALERT", f"{target}> 不可公开访问存储桶ACL策略") | ||
| aliyun_scan_results["GetBucketAcl"] = "false" | ||
|
|
||
| if aliyunOss_Check_init.Aliyun_Oss_PutBucketAcl(): | ||
| logger.log("INFOR", f"{target}> 可上传覆盖存储桶ACL策略") | ||
| aliyun_scan_results["PutBucketAcl"] = "true" | ||
| else: | ||
| logger.log("ALERT", f"{target}> 不可上传覆盖存储桶ACL策略") | ||
| aliyun_scan_results["PutBucketAcl"] = "false" | ||
|
|
||
| if ( | ||
| results_policy := aliyunOss_Check_init.Aliyun_Oss_GetBucketPolicy() | ||
| ): | ||
| logger.log("INFOR", f"{target}> 可公开获取存储桶Policy策略组") | ||
| logger.log("INFOR", f"{target}Policy> {results_policy}") | ||
| aliyun_scan_results["GetBucketPolicy"] = "true" | ||
| else: | ||
| logger.log("ALERT", f"{target}> 不可公开获取存储桶Policy策略") | ||
| aliyun_scan_results["GetBucketPolicy"] = "false" | ||
|
|
||
| aliyun_print_table_header.add_row([target, | ||
| aliyun_scan_results['BucketDoesBucketExist'], | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,12 +13,12 @@ | |
|
|
||
|
|
||
| def aliyun_save_file(target, BucketHijack, GetBucketObjectList, PutBucketObject, GetBucketAcl, PutBucketAcl, GetBucketPolicy): | ||
| filepath = f'{os.getcwd()}/results/{NowTime}.csv' | ||
| rows = [ | ||
| [f"{target}", BucketHijack, GetBucketObjectList, PutBucketObject, GetBucketAcl, PutBucketAcl, GetBucketPolicy] | ||
| ] | ||
| if not os.path.isfile(filepath): | ||
| headers = ['Bucket', 'BucketHijack', 'GetBucketObjectList', 'PutBucketObject', 'GetBucketAcl', 'PutBucketAcl', 'GetBucketPolicy'] | ||
|
Comment on lines
-16
to
+21
There was a problem hiding this comment. Function
|
||
| with open(filepath, 'a+', newline='') as f: | ||
| f = csv.writer(f) | ||
| f.writerow(headers) | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Function
Aliyun_Oss_Bucket_Check.Aliyun_Oss_GetBucketPolicyrefactored with the following changes:inline-immediately-returned-variable)