Releases: sa7mon/S3Scanner
Releases · sa7mon/S3Scanner
Release list
v3.1.1
v3.1.0
What's Changed
- Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.5 to 1.39.0 by @dependabot in #227
- chore: ignore aws library patch releases by @sa7mon in #229
- chore: bump golang.org/x/sync from 0.1.0 to 0.4.0 by @dependabot in #231
- chore: bump github.com/spf13/viper from 1.16.0 to 1.17.0 by @dependabot in #233
- chore: upgrade dependencies by @sa7mon in #241
- packaging: add BlackArch info by @sa7mon in #243
- chore: upgrade dependencies by @sa7mon in #263
- chore: bump github.com/aws/aws-sdk-go-v2/config from 1.25.11 to 1.26.6 by @dependabot in #276
- chore: bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #272
- chore: bump gorm.io/gorm from 1.25.5 to 1.25.7 by @dependabot in #281
- chore: bump gorm.io/driver/postgres from 1.5.4 to 1.5.6 by @dependabot in #280
- chore: bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #268
- chore: bump github.com/spf13/viper from 1.17.0 to 1.18.2 by @dependabot in #270
- chore: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.47.2 to 1.50.0 by @dependabot in #282
- chore: bump github.com/aws/aws-sdk-go-v2 from 1.25.0 to 1.26.1 by @dependabot in #305
- chore: upgrade dependencies and fix tests by @sa7mon in #320
- test: update tests by @sa7mon in #336
- bug: use credentials when scanning by @sa7mon in #337
Full Changelog: v3.0.4...v3.1.0
v3.0.4
v3.0.3
Changes
chore
- Bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.79 to 1.11.83 by @dependabot in #199
bugfix
- bugfix: ignore dreamhost 'auth' bucket by @sa7mon in #208
- bugfix: remove dreamhost region check by @sa7mon in #211
refactor
feature
- feat: add region check by @sa7mon in #205
- feat: deduplicate bucket names when ingesting from file by @lavafroth in #207
- feat: add scaleway support by @sa7mon in #210
- feat: add winget package by @sa7mon in #212
- dev: add mitmproxy by @sa7mon in #215
Full Changelog: v3.0.2...v3.0.3
v3.0.2
Changes
bugfix
- bugfix: switch custom provider test to DO by @sa7mon in #184
- bugfix: upgrade go & modules by @sa7mon in #185
feature
refactor
- refactor: split out main.go functionality by @sa7mon in #188
- Bump gorm.io/gorm from 1.25.3 to 1.25.4 by @dependabot in #189
- Make region-client map concurrency safe by @lavafroth in #197
New Contributors
- @lavafroth made their first contribution in #197
Full Changelog: v3.0.1...v3.0.2
v3.0.1
v3.0.0
2.0.2
2.0.1
2.0.0
This is almost a complete re-write of the tool including scanning logic and output and adds a good amount of new functionality. The code is now much cleaner and simpler than before.
Changes
‼️ Added checks for "dangerous" permissions: Write, WriteACP- ✏️ Simplified the output not have different formats for file and console output. Everything is now just output to stdout in a uniform way to allow easy parsing with grep/awk/etc
- 🔭 Support added for non-AWS S3-compatible APIs. This was done in a generic way to avoid having to include API-specific code in the tool and update it when the APIs inevitably change or break
- 🐍 Pip package created and distributed
- 🐳 Built and pushed a Docker image to Docker Hub
- 📈 Increased overall test coverage to ~90%
- ⚡️ Added support for multi-threaded scanning and dumping
- 💾 Added support for "resume-able" dumping. If an object has already been downloaded, it will be skipped unless the sizes differ
- 🔎 Added Travis CI tests to verify functionality on Python 3.6-3.9
Known Issues / Future Work
- Currently, non-AWS endpoints are only scanned for anonymous permissions. Testing is needed to see if credential scans work and if the permissions match AWS structure.
- When dumping a bucket, the tool will check to see if each file has already been downloaded. If it has, the file will be skipped unless the size of the local and remote files don't match. In the future, the user should be given a choice to re-download these files.
- Measure user desire for other output formats (i.e. csv/json/sqlite)