Check AWS S3 instances for read/write/delete access

Last update: Dec 06, 2022

Related tags

Overview

s3sec

Test AWS S3 buckets for read/write/delete access

This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.

Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot :)

Installation

Clone the git repo onto your machine:

git clone https://github.com/0xmoot/s3sec

Happy hunting :)

Usage

Check a single S3 instance:

echo "test-instance.s3.amazonaws.com" | python3 s3sec.py

Or:

echo "test-instance" | python3 s3sec.py

Check a list of S3 instances:

cat locations | python3 s3sec.py

Setup AWS CLI & Credentials (optional)

To get the most out of this tool you should install the AWS CLI and setup user credentials.

With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:

Installing AWS CLI on Kali Linux

To install AWS CLI you can simply install using below command:

pip3 install awscli

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

Sign up for Amazon's AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc
Login into your AWS account and click on My Security Credentials.
Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.
Then click on Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.

Configuring AWS CLI on Kali Linux

Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.

aws configure

Use the following default settings:

AWS Access Key Id: <
   
    >
AWS Secret Access Key: <
    
     >
Default region name: ap-south-1
Default output format: json

Disclaimer

The developers assume no liability and are not responsible for any misuse or damage caused by the s3sec tool. The tool is provided as-is for educational and bug bounty purposes.

License

MIT License

Check AWS S3 instances for read/write/delete access

Related tags

Overview

s3sec

Installation

Usage

Setup AWS CLI & Credentials (optional)

Installing AWS CLI on Kali Linux

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

Configuring AWS CLI on Kali Linux

Disclaimer

License

Owner

0xmoot

A python script that can send notifications to your phone via SMS text

Python functions for opentargets.org API

Integrating Amazon API Gateway private endpoints with on-premises networks

The Python SDK for the Rackspace Cloud

The public discord bot, created by: primitt, further developed by: duino-coin team.

Its Is A Telegram Maths Basic Calculator Bot

Bringing Ethereum Virtual Machine to StarkNet at warp speed!

Program that uses Python to monitor grade updates in the Genesis Platform

Grape - A webbrowser with its own Search Engine

Token-gate Notion pages

A Next-Gen modular Python3 Telegram-Bot with Anime Theme to it.

Aria & Qbittorent Mirror Bot

A discord bot with information and template tracking for pxls.space.

Programmeertheorie 2022 - Team Trainspotters - RailNL

Clipboard-watcher - Keep an eye on the apps that are using your clipboard

A Python Client for News API

DoriBot -Discord Chat Bot

This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.

Bin Checker with Aiogram, Telegram

Spore API wrapper written in Python