| 136 | class BucketWorker(Thread): |
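def __init__(self, q, *args, **kwargs):
    """Bind the worker to its queue and build the client it will probe with.

    Args:
        q: Queue the worker pulls bucket hostnames from in ``run``.
        *args: Forwarded unchanged to ``Thread.__init__``.
        **kwargs: Forwarded unchanged to ``Thread.__init__``.
    """
    self.q = q
    # ``a and b`` evaluates to ``b`` itself when both operands are truthy, so
    # without bool() this "flag" would hold the AWS secret on every worker,
    # where any print/repr/log of the worker's state would disclose it.
    self.use_aws = bool(CONFIG["aws_access_key"] and CONFIG["aws_secret"])

    if self.use_aws:
        # Authenticated mode: an "s3" resource built from the configured keys
        # (Session is presumably boto3's; its import is not visible here).
        self.session = Session(
            aws_access_key_id=CONFIG["aws_access_key"],
            aws_secret_access_key=CONFIG["aws_secret"],
        ).resource("s3")
    else:
        # Unauthenticated mode: a pooled HTTP session. Only the "http://"
        # scheme gets this adapter, and transport-level retries are disabled.
        self.session = requests.Session()
        self.session.mount(
            "http://",
            HTTPAdapter(
                pool_connections=ARGS.threads,
                pool_maxsize=QUEUE_SIZE,
                max_retries=0,
            ),
        )

    super().__init__(*args, **kwargs)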
| 150 | |
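def run(self):
    """Check queued bucket hostnames until ``THREAD_EVENT`` is set.

    Each item is handed to the boto-based check when AWS credentials are
    configured and to the plain HTTP check otherwise. A failure on one item
    is printed and the loop moves on to the next one.
    """
    # THREAD_EVENT is only read here, so no ``global`` declaration is needed.
    # NOTE(review): get() is called without a timeout; if q behaves like a
    # standard queue.Queue it blocks while the queue is empty, so the stop
    # event is only noticed between items -- confirm against the q class.
    while not THREAD_EVENT.is_set():
        try:
            bucket_url = self.q.get()
        except Exception as e:
            # Nothing was dequeued, so there is no task to mark as done;
            # calling task_done() here would corrupt the queue's accounting.
            print(e)
            continue

        try:
            if self.use_aws:
                self.__check_boto(bucket_url)
            else:
                self.__check_http(bucket_url)
        except Exception as e:
            # Deliberate best effort: one failing bucket must not stop the worker.
            print(e)
        finally:
            # Exactly one task_done() per successfully dequeued item.
            self.q.task_done()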
| 163 | |
def __check_http(self, bucket_url):
    """Probe one bucket hostname without credentials and report a readable bucket.

    Sends a HEAD to ``S3_URL`` with ``bucket_url`` as the Host header, then:

    * 503 "Slow Down" (unless ``ARGS.ignore_rate_limiting``): flags the queue
      as rate limited and re-queues the hostname.
    * 307: requests the redirect target and, on a 200 answer, prints and logs
      it. With ``ARGS.only_interesting`` the body must also contain at least
      one entry of ``KEYWORDS``.

    Args:
        bucket_url: Hostname sent as the Host header of the first request.
    """
    probe = self.session.head(S3_URL, headers={"Host": bucket_url}, timeout=3)
    status = probe.status_code
    throttled = status == 503 and probe.reason == "Slow Down"

    if not ARGS.ignore_rate_limiting and throttled:
        self.q.rate_limited = True
        # Put the hostname back so it is processed again later.
        self.q.put(bucket_url)
        return

    if status != 307:
        return

    # A 307 is treated as "bucket exists"; next step is to see if it is public.
    # NOTE(review): the target below is whatever Location value the responder
    # sent, and it is requested without checking its scheme or host. This
    # call uses module-level requests rather than self.session, so the pooled
    # adapter and its max_retries=0 do not apply to it.
    new_bucket_url = probe.headers["Location"]
    method = "GET" if ARGS.only_interesting else "HEAD"
    bucket_response = requests.request(method, new_bucket_url, timeout=3)

    if bucket_response.status_code != 200:
        return

    # NOTE(review): .text holds the complete response body in memory; nothing
    # here caps the size of what the remote end may return.
    if ARGS.only_interesting and not any(
        keyword in bucket_response.text for keyword in KEYWORDS
    ):
        return

    self.__output("Found bucket '{}'".format(new_bucket_url), "green")
    self.__log(new_bucket_url)
| 183 | |
| 184 | def __check_boto(self, bucket_url): |
| 185 | bucket_name = bucket_url.replace(".s3.amazonaws.com", "") |
| 186 | |
| 187 | try: |
| 188 | # just to check if the bucket exists. Throws NoSuchBucket exception if not |
| 189 | self.session.meta.client.head_bucket(Bucket=bucket_name) |
| 190 | |
| 191 | if not ARGS.only_interesting or\ |
| 192 | (ARGS.only_interesting and self.__bucket_contains_any_keywords(bucket_name)): |
| 193 | owner = None |