2.0.0

@sa7mon sa7mon released this 23 Apr 02:29
fb39258

This is an almost complete rewrite of the tool, including the scanning logic and output, and it adds a good amount of new functionality. The code is now much cleaner and simpler than before.

Changes

  • ‼️ Added checks for "dangerous" permissions: Write, WriteACP
  • ✏️ Simplified the output so that file and console output no longer use different formats. Everything is now just output to stdout in a uniform way to allow easy parsing with grep/awk/etc.
  • 🔭 Support added for non-AWS S3-compatible APIs. This was done in a generic way to avoid having to include API-specific code in the tool and update it when the APIs inevitably change or break
  • 🐍 Pip package created and distributed
  • 🐳 Built and pushed a Docker image to Docker Hub
  • 📈 Increased overall test coverage to ~90%
  • ⚡️ Added support for multi-threaded scanning and dumping
  • 💾 Added support for "resume-able" dumping. If an object has already been downloaded, it will be skipped unless the sizes differ
  • 🔎 Added Travis CI tests to verify functionality on Python 3.6-3.9
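
For a bucket owner reviewing their own ACLs, the "dangerous" permissions in the first item above correspond to public grants of WRITE or WRITE_ACP. The following is an added example, not S3Scanner's own code: it assumes the grant layout of an S3 GetBucketAcl response, and the function name `dangerous_grants` and the sample ACL are constructed for illustration.

```python
# Added example: flag public WRITE / WRITE_ACP grants in an S3 bucket ACL.
# Input shape follows the S3 GetBucketAcl response; sample data is constructed.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthUsers",
}
# FULL_CONTROL implies every other permission, so expand it before checking.
IMPLIED = {"FULL_CONTROL": {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}}
DANGEROUS = {"WRITE", "WRITE_ACP"}


def dangerous_grants(acl):
    """Return sorted (group, permission) pairs where a public group
    holds Write or WriteACP on the bucket."""
    findings = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a named account are not public
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group is None:
            continue  # some other predefined group, e.g. log delivery
        perm = grant.get("Permission", "")
        for effective in IMPLIED.get(perm, {perm}) & DANGEROUS:
            findings.add((group, effective))
    return sorted(findings)


# Constructed sample ACL (not taken from a real bucket).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
SAMPLE_ACL = {
    "Owner": {"ID": "owner-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS},
         "Permission": "FULL_CONTROL"},
    ],
}

if __name__ == "__main__":
    for group, perm in dangerous_grants(SAMPLE_ACL):
        print(f"{group}: {perm}")
```

The owner's own FULL_CONTROL grant and the public READ grant are not reported; only public grants that allow changing objects or the ACL itself are.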

Known Issues / Future Work

  • Currently, non-AWS endpoints are only scanned for anonymous permissions. Testing is needed to see if credential scans work and if the permissions match the AWS structure.
  • When dumping a bucket, the tool will check to see if each file has already been downloaded. If it has, the file will be skipped unless the sizes of the local and remote files don't match. In the future, the user should be given a choice to re-download these files.
  • Measure user desire for other output formats (i.e. csv/json/sqlite)