Check AWS S3 instances for read/write/delete access

Related tags

Third-party APIs Wrapperss3sec
Overview

s3sec

Test AWS S3 buckets for read/write/delete access

This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.

Screenshot

Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot :)

Installation

Clone the git repo onto your machine:

git clone https://github.com/0xmoot/s3sec

Happy hunting :)

Usage

Check a single S3 instance:

echo "test-instance.s3.amazonaws.com" | python3 s3sec.py

Or:

echo "test-instance" | python3 s3sec.py

Check a list of S3 instances:

cat locations | python3 s3sec.py

Setup AWS CLI & Credentials (optional)

To get the most out of this tool you should install the AWS CLI and setup user credentials.

With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:

Installing AWS CLI on Kali Linux

To install AWS CLI you can simply install using below command:

pip3 install awscli

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

  1. Sign up for Amazon's AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc

  2. Login into your AWS account and click on My Security Credentials.

  3. Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.

  4. Then click on Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.

Configuring AWS CLI on Kali Linux

  1. Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.
aws configure

Use the following default settings:

AWS Access Key Id: <
   
    >
AWS Secret Access Key: <
    
     >
Default region name: ap-south-1
Default output format: json

Disclaimer

The developers assume no liability and are not responsible for any misuse or damage caused by the s3sec tool. The tool is provided as-is for educational and bug bounty purposes.

License

MIT License

Owner
0xmoot
Infosec protagonist since October 2021
0xmoot
GitHub Repository
A Discord Rich Presence App to set your own custom rich presence.

discord-rich-presence A Discord Rich Presence App to set your own custom rich presence. #BUILDS Ready to use package are available inside "finalpackag

1 Nov 22, 2021
A script that writes automatic instagram comments under a post

Send automatic messages under a post on instagram Instagram will rate limit you after some time. From there on you can only post 1 comment every 40 se

Maximilian Freitag 3 Apr 28, 2022
This is the repository for HalpyBOT, the Hull Seals IRC Chatbot Assistant.

HalpyBOT 1.4.2 This is the repository for HalpyBOT, the Hull Seals IRC Chatbot Assistant. Description This repository houses all of the files required

The Hull Seals 3 Nov 03, 2022
PR Changes Matrix Builder

Pr-changes-matrix-builder - A Github Action that will output a variable to be used in a matrix strategy job based on a PR&'s changes

Kyle James Walker (he/him) 21 Oct 04, 2022
🛰️ Scripts démontrant l'utilisation de l'imagerie RADARSAT-1 à partir d'un seau AWS | 🛰️ Scripts demonstrating the use of RADARSAT-1 imagery from an AWS bucket

🛰️ Scripts démontrant l'utilisation de l'imagerie RADARSAT-1 à partir d'un seau AWS | 🛰️ Scripts demonstrating the use of RADARSAT-1 imagery from an AWS bucket

Agence spatiale canadienne - Canadian Space Agency 4 May 18, 2022
An example of a chatbot with a number-based menu that can be used as a starting point for a project.

NumMenu Bot NumMenu Bot is an example chatbot showing a way to design a number-based menu assistant with Rasa. This type of bot is very useful on plat

Derguene 19 Nov 14, 2022
Sms-bomber - A Simple Browser Automated Bomber

A Simple Browser Automated Bomber which uses selenium :D Star the Repo and Follo

Terminal1337 9 Apr 11, 2022
Extrait les informations contenues dans le code QR de la preuve de vaccination générée par le gouvernement du Québec

DecodeurPreuveVaccinationQC Extrait les informations contenues dans le code QR de la preuve de vaccination générée par le gouvernement du Québec Utili

Guillaume Morissette 8 Jul 26, 2022
A VCVideoPlayer Bot for Telegram made with 💞 By @ProErrorXD

VC Video Player How To Host ✨ Heroku Deploy ✨ The easiest way to deploy this Bot is via Heroku. Credit 🔥 |🇮🇳 Louis |🇮🇳 Sammy |🇮🇳 Blaze Marsha

丂ムᄊᄊƳ 95 May 17, 2022
SongLink Discord Bot - Discord bot to share music links easily

SongLink_Discord_Bot Discord bot to share music links easily. Take a link from y

Edgar Lefevre 4 Feb 18, 2022
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

2 Nov 05, 2021
A simple tool that lets you know when you are out of Lost Ark's queues

Overview A simple tool that lets you know when you are out of Lost Ark's queues. You can be notified via: Sound: the app will play a sound Discord web

Nelson 3 Feb 15, 2022
Previewer for VapourSynth scripts.

Standalone previewer for VapourSynth scripts Fork of Endilll's vapoursynth-preview (not maintained anymore) This program is meant to be paired with a

Irrational Encoding Wizardry 26 Dec 16, 2022
Asynchronous RDP/VNC client for Python (GUI)

🚩 This is the public repository of aardwolf, for latest version and updates please consider supporting us through https://porchetta.industries/ AARDW

29 Dec 15, 2022
GitPython is a python library used to interact with Git repositories.

Gitoxide: A peek into the future… I started working on GitPython in 2009, back in the days when Python was 'my thing' and I had great plans with it. O

3.8k Jan 03, 2023
If you are in allot of groups or channel and you would like to leave them at once use this

Telegram-auto-leave-groups If you are in allot of groups or channel and you would like to leave them at once use this USER GUIDE 👣 Insert your telegr

Julius Njoroge 4 Jan 03, 2023
Twitter bot to know the number of dislikes of a YouTube video

YT_dislikes is a twitter bot that allows you to know the number of dislikes (and likes) of a YouTube video. Now it is not possible to see the number o

1 Jan 08, 2022
A Python AWS Lambda Webhook listener that generates a permanent URL when an asset is created in Contentstack.

Webhook Listener A Python Lambda Webhook Listener - Generates a permanent URL on created assets. See doc on Generating a Permanent URL: https://www.co

Contentstack Solutions 1 Nov 04, 2021
Script for downloading Coursera.org videos and naming them.

Coursera Downloader Coursera Downloader Introduction Features Disclaimer Installation instructions Recommended installation method for all Operating S

Coursera Downloader 9k Jan 02, 2023
May or may not be work🚶

AnyDLBot There are multiple things I can do: 👉 All Supported Video Formats of https://rg3.github.io/youtube-dl/supportedsites.html 👉 Upload as file

Arun 2 Nov 16, 2021