def print_bucket_response(reply):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
data = {'platform': 'gcp', 'msg': '', 'target': '', 'access': ''}
if reply.status_code == 404:
pass
elif reply.status_code == 200:
data['msg'] = 'OPEN GOOGLE BUCKET'
data['target'] = reply.url
data['access'] = 'public'
utils.fmt_output(data)
utils.list_bucket_contents(reply.url + '/')
elif reply.status_code == 403:
data['msg'] = 'Protected Google Bucket'
data['target'] = reply.url
data['access'] = 'protected'
utils.fmt_output(data)
else:
print(f" Unknown status codes being received from {reply.url}:\n"
" {reply.status_code}: {reply.reason}")
def print_s3_response(reply, cverbose=True):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
if reply.status_code == 404:
pass
elif 'Bad Request' in reply.reason:
pass
elif reply.status_code == 200:
if cverbose:
utils.printc(" OPEN S3 BUCKET: {}\n".format(reply.url), 'green')
if cverbose: utils.list_bucket_contents(reply.url)
elif reply.status_code == 403:
if cverbose:
utils.printc(" Protected S3 Bucket: {}\n".format(reply.url),
'orange')
elif 'Slow Down' in reply.reason:
if cverbose:
print("[!] You've been rate limited, skipping rest of check...")
return 'breakout'
else:
if cverbose:
print(" Unknown status codes being received from {}:\n"
" {}: {}".format(reply.url, reply.status_code,
reply.reason))
def print_s3_response(reply):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
data = {'platform': 'aws', 'msg': '', 'target': '', 'access': ''}
if reply.status_code == 404:
pass
elif 'Bad Request' in reply.reason:
pass
elif reply.status_code == 200:
data['msg'] = 'OPEN S3 BUCKET'
data['target'] = reply.url
data['access'] = 'public'
utils.fmt_output(data)
utils.list_bucket_contents(reply.url)
elif reply.status_code == 403:
data['msg'] = 'Protected S3 Bucket'
data['target'] = reply.url
data['access'] = 'protected'
utils.fmt_output(data)
elif 'Slow Down' in reply.reason:
print("[!] You've been rate limited, skipping rest of check...")
return 'breakout'
else:
print(f" Unknown status codes being received from {reply.url}:\n"
" {reply.status_code}: {reply.reason}")
return None
def print_container_response(reply):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
data = {'platform': 'azure', 'msg': '', 'target': '', 'access': ''}
# Stop brute forcing disabled accounts
if 'The specified account is disabled' in reply.reason:
print(" [!] Breaking out early, account disabled.")
return 'breakout'
# Stop brute forcing accounts without permission
if ('not authorized to perform this operation' in reply.reason
or 'not have sufficient permissions' in reply.reason
or 'Public access is not permitted' in reply.reason
or 'Server failed to authenticate the request' in reply.reason):
print(" [!] Breaking out early, auth required.")
return 'breakout'
# Stop brute forcing unsupported accounts
if 'Blob API is not yet supported' in reply.reason:
print(" [!] Breaking out early, Hierarchical namespace account")
return 'breakout'
# Handle other responses
if reply.status_code == 404:
pass
elif reply.status_code == 200:
data['msg'] = 'OPEN AZURE CONTAINER'
data['target'] = reply.url
data['access'] = 'public'
utils.fmt_output(data)
utils.list_bucket_contents(reply.url)
elif 'One of the request inputs is out of range' in reply.reason:
pass
elif 'The request URI is invalid' in reply.reason:
pass
else:
print(f" Unknown status codes being received from {reply.url}:\n"
" {reply.status_code}: {reply.reason}")
return None
def print_bucket_response(reply):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
if reply.status_code == 404:
pass
elif reply.status_code == 200:
utils.printc(" OPEN GOOGLE BUCKET: {}\n".format(reply.url), 'green')
utils.list_bucket_contents(reply.url + '/')
elif reply.status_code == 403:
utils.printc(" Protected Google Bucket: {}\n".format(reply.url),
'orange')
else:
print(" Unknown status codes being received from {}:\n"
" {}: {}".format(reply.url, reply.status_code,
reply.reason))
def print_container_response(reply, cverbose):
"""
Parses the HTTP reply of a brute-force attempt
This function is passed into the class object so we can view results
in real-time.
"""
# Stop brute forcing disabled accounts
if 'The specified account is disabled' in reply.reason:
if cverbose: print(" [!] Breaking out early, account disabled.")
return 'breakout'
# Stop brute forcing accounts without permission
if ('not authorized to perform this operation' in reply.reason
or 'not have sufficient permissions' in reply.reason
or 'Public access is not permitted' in reply.reason
or 'Server failed to authenticate the request' in reply.reason):
if cverbose: print(" [!] Breaking out early, auth required.")
return 'breakout'
# Stop brute forcing unsupported accounts
if 'Blob API is not yet supported' in reply.reason:
if cverbose:
print(" [!] Breaking out early, Hierarchical namespace account")
return 'breakout'
# Handle other responses
if reply.status_code == 404:
pass
elif reply.status_code == 200:
if cverbose:
utils.printc(" OPEN AZURE CONTAINER: {}\n".format(reply.url),
'green')
utils.list_bucket_contents(reply.url, cverbose)
elif 'One of the request inputs is out of range' in reply.reason:
pass
elif 'The request URI is invalid' in reply.reason:
pass
else:
if cverbose:
print(" Unknown status codes being received from {}:\n"
" {}: {}".format(reply.url, reply.status_code,
reply.reason))
