Check AWS S3 instances for read/write/delete access

Last update: Dec 06, 2022

Related tags

Overview

s3sec

Test AWS S3 buckets for read/write/delete access

This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.

Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot :)

Installation

Clone the git repo onto your machine:

git clone https://github.com/0xmoot/s3sec

Happy hunting :)

Usage

Check a single S3 instance:

echo "test-instance.s3.amazonaws.com" | python3 s3sec.py

Or:

echo "test-instance" | python3 s3sec.py

Check a list of S3 instances:

cat locations | python3 s3sec.py

Setup AWS CLI & Credentials (optional)

To get the most out of this tool you should install the AWS CLI and setup user credentials.

With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:

Installing AWS CLI on Kali Linux

To install AWS CLI you can simply install using below command:

pip3 install awscli

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

Sign up for Amazon's AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc
Login into your AWS account and click on My Security Credentials.
Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.
Then click on Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.

Configuring AWS CLI on Kali Linux

Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.

aws configure

Use the following default settings:

AWS Access Key Id: <
   
    >
AWS Secret Access Key: <
    
     >
Default region name: ap-south-1
Default output format: json

Disclaimer

The developers assume no liability and are not responsible for any misuse or damage caused by the s3sec tool. The tool is provided as-is for educational and bug bounty purposes.

License

MIT License

Check AWS S3 instances for read/write/delete access

Related tags

Overview

s3sec

Installation

Usage

Setup AWS CLI & Credentials (optional)

Installing AWS CLI on Kali Linux

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

Configuring AWS CLI on Kali Linux

Disclaimer

License

Owner

0xmoot

For Help/Questions Join in discord

Super simple anti-spam Discord bot

Discord music bot using discord.py, slash commands, and yt-dlp.

This repo provides the source code for "Cross-Domain Adaptive Teacher for Object Detection".

Get-Phone-Number-Details-using-Python - To get the details of any number, we can use an amazing Python module known as phonenumbers.

Tglogging - A python package to send your app logs to a telegram chat in realtime

This is a translator that i made by myself in python with the 'googletrans' library

Decode the Ontario proof of vaccination QR code

An Telegram Bot By @AsmSafone To Stream Videos in Telegram Voice Chat. This is Also The Source Code of The Bot Which is Being Used In @SafoTheBot Group! ❤️

Discord-Mass-Mention - Yup the title says it all

A simple program to display current playing from Spotify app on your desktop

A python tool to Automate Whatsapp through Whatsapp web

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

Optimus Prime - A modular Telegram group management and drive clone bot running on Python with sqlalchemy database

Discord-RAID-Tool - Hacks/tools

This is a simple Python bot to identify sentiments in tweets

A customizable, multilanguage Telegram shop bot with Telegram Payments support

Обертка для мини-игры "рабы" на python

Facebook fishing on telegram bot

Make a command interpreter that manages AirBnb objects