Check AWS S3 instances for read/write/delete access

Overview

s3sec

Test AWS S3 buckets for read/write/delete access

This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.

Screenshot

Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot :)

Installation

Clone the git repo onto your machine:

git clone https://github.com/0xmoot/s3sec

Happy hunting :)

Usage

Check a single S3 instance:

echo "test-instance.s3.amazonaws.com" | python3 s3sec.py

Or:

echo "test-instance" | python3 s3sec.py

Check a list of S3 instances:

cat locations | python3 s3sec.py

Setup AWS CLI & Credentials (optional)

To get the most out of this tool you should install the AWS CLI and setup user credentials.

With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:

Installing AWS CLI on Kali Linux

To install AWS CLI you can simply install using below command:

pip3 install awscli

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

  1. Sign up for Amazon's AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc

  2. Login into your AWS account and click on My Security Credentials.

  3. Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.

  4. Then click on Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.

Configuring AWS CLI on Kali Linux

  1. Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.
aws configure

Use the following default settings:

AWS Access Key Id: <
   
    >
AWS Secret Access Key: <
    
     >
Default region name: ap-south-1
Default output format: json

    
   

Disclaimer

The developers assume no liability and are not responsible for any misuse or damage caused by the s3sec tool. The tool is provided as-is for educational and bug bounty purposes.

License

MIT License

Owner
0xmoot
Infosec protagonist since October 2021
0xmoot
Twitter bot that finds new friends in Twitter.

PythonTwitterBot Twitter Bot Thats Find New Friends pip install textblob pip install tweepy pip install googletrans check requirements.txt file Env

IbukiYoshida 4 Aug 11, 2021
yobot插件,Steam雷达,可自动播报玩家的Steam游戏状态和DOTA2图文战报

Steam_watcher 这是 prcbot/yobot 的自定义插件,可自动播报玩家的Steam游戏状态和DOTA2图文战报 都有些什么功能? 本插件可以在用户绑定后自动推送Steam游戏状态的更新和 Dota2 图文战报,以及提供一些手动查询功能 指令列表 atbot 表示需要@BOT ats

羽波 21 Jun 21, 2022
Telegram bot for searching videos in your PDisk account by @AbirHasan2005

PDisk-Videos-Search A Telegram bot for searching videos in your PDisk account by @AbirHasan2005. Configs API_ID - Get from @TeleORG_Bot API_HASH - Get

Abir Hasan 39 Oct 21, 2022
PyDiscord, a maintained fork of discord.py, is a python wrapper for the Discord API.

discord.py A modern, easy to use, feature-rich, and async ready API wrapper for Discord written in Python. The Future of discord.py Please read the gi

Omkaar 1 Jan 16, 2022
Telegram bot to trim and download videos from youtube.

Inline-YouTube-Trim-Bot Telegram bot to trim and download youtube videos Deploy You can deploy this bot anywhere. Demo - YouTubeBot Required Variables

SUBIN 56 Dec 11, 2022
♻️ API to run evaluations of the FAIR principles (Findable, Accessible, Interoperable, Reusable) on online resources

♻️ FAIR enough 🎯 An OpenAPI where anyone can run evaluations to assess how compliant to the FAIR principles is a resource, given the resource identif

Maastricht University IDS 4 Oct 20, 2022
This is my Discord-Bot named priamoryki-bot based on python.

This is my Discord-Bot named priamoryki-bot based on python. It's a public repository without private information, so you need to correct some code for everything to be working.

priamoryki 2 Dec 14, 2022
Plazmix API wrapper for Python

An optimised, easy to use Plazmix API wrapper written in Python

Someone 2 Nov 16, 2021
Framework to make using Bottle less time-consuming and easier

A class for the Bottle API to reduce clutter and difficulty while creating a website.

Tygzy 0 Dec 26, 2022
MassReportBot - Discord Mass Report Bot By Dropout

Discord Mass Report Bot By Dropout Discord Report Bot, Just Re-Made The "Admin R

vanis / 1800 0 Jan 20, 2022
Secret messaging app which you can use to communicate with your friends by encrypting / decrypting secret messages or sending secret message through mail.

Secret-Whisper A Secret messaging app which you can use to communicate with your friends by encrypting / decrypting secret messages 🤫 or sending secr

3 Jan 01, 2022
Asynchronous python aria2 mirror bot Telegram.

aioaria2-mirror-bot A Bot for Telegram made with Python using Pyrogram library. It needs Python 3.9 or newer to run. THIS BOT IS INTENDED TO BE USED O

Adek 85 Jan 03, 2023
An Python SDK for QQ based on mirai-api-http v2.

Argon 一个基于 graia-broadcast 和 mirai-api-http v2 的 Python SDK。 本项目适用于 mirai-api-http 2.0 以上版本。 目前仍处于开发阶段,内部接口可能会有较大的变化。 The Stasis / 停滞 为维持 GraiaProject

BlueGlassBlock 1 Oct 29, 2021
The programm for collecting data from Tinkoff API and building Excel table.

tinkproject The program for portfolio analysis via Tinkoff API Hello! This is my first project, please, don't judge me. This project was developed for

214 Dec 02, 2022
Bringing Ethereum Virtual Machine to StarkNet at warp speed!

Warp Warp brings EVM compatible languages to StarkNet, making it possible to transpile Ethereum smart contracts to Cairo, and use them on StarkNet. Ta

Nethermind 700 Dec 26, 2022
Web-music-bot - A telegram bot which get a *site Url* and sends all songs contain in the Url to telegram

web music bot this is a telegram bot which get a site Url and sends all songs co

Arya Shabane 4 Apr 02, 2022
Flood discord webhooks

Webhook-Spammer Flood discord webhooks Asynchronous webhook spammer Fast & Efficient Usage - Use it with atleast 500 threads Put a valid webhook Use a

trey 1 Apr 22, 2022
Python bindings for Alexa Web Information Service (AWIS) API

Attention! This package is no longer maintained. See this ticket for more info. Wraps Alexa Web Information Service. Usage Making UrlInfo requests: ap

Atamert Ölçgen 51 Feb 12, 2022
Template to create a telegram bot in python

Template for Telegram Bot Template to create a telegram bot in python. How to Run Set your telegram bot token as environment variable TELEGRAM_BOT_TOK

PyTopia 12 Aug 14, 2022
Osmnx-examples - Usage examples, demos, and tutorials for OSMnx.

OSMnx Examples OSMnx is a Python package to work with street networks and other spatial data from OpenStreetMap: retrieve, model, analyze, and visuali

Geoff Boeing 1.2k Jan 03, 2023