Check AWS S3 instances for read/write/delete access

Related tags

Third-party APIs Wrapperss3sec
Overview

s3sec

Test AWS S3 buckets for read/write/delete access

This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.

Screenshot

Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot :)

Installation

Clone the git repo onto your machine:

git clone https://github.com/0xmoot/s3sec

Happy hunting :)

Usage

Check a single S3 instance:

echo "test-instance.s3.amazonaws.com" | python3 s3sec.py

Or:

echo "test-instance" | python3 s3sec.py

Check a list of S3 instances:

cat locations | python3 s3sec.py

Setup AWS CLI & Credentials (optional)

To get the most out of this tool you should install the AWS CLI and setup user credentials.

With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:

Installing AWS CLI on Kali Linux

To install AWS CLI you can simply install using below command:

pip3 install awscli

Getting AWS Credentials (Access Key ID and AWS Secret Access Key)

  1. Sign up for Amazon's AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc

  2. Login into your AWS account and click on My Security Credentials.

  3. Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.

  4. Then click on Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.

Configuring AWS CLI on Kali Linux

  1. Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.
aws configure

Use the following default settings:

AWS Access Key Id: <
   
    >
AWS Secret Access Key: <
    
     >
Default region name: ap-south-1
Default output format: json

Disclaimer

The developers assume no liability and are not responsible for any misuse or damage caused by the s3sec tool. The tool is provided as-is for educational and bug bounty purposes.

License

MIT License

Owner
0xmoot
Infosec protagonist since October 2021
0xmoot
GitHub Repository
This Is Advanced Version Of Old Radio Player, An Telegram Bot to Play Radio/Music in Channel or Group Voice Chats.

Telegram Radio Player V2 An Telegram Bot to Play Radio/Music in Channel or Group Voice Chats. This is also the source code of the bot which is being u

SAF ONE 81 Dec 03, 2022
Discord bot for playing blindfold chess.

Albin Discord bot for playing blindfold chess written in Python. Albin takes the moves from chat and pushes them on the board without showing it. TODO

8 Oct 14, 2022
A discord bot thet lets you play Space invaders.

space_Invaders A discord bot thet lets you play Space invaders. It is my first discord bot... so please give any suggestions to improve it :] Commands

2 Dec 30, 2021
Tiktok BOT 1 link Vidio otomatis : - Nambah view - Nambah love - Nambah share - Nambah love komen (semua komen ke love)

Install Bahannya pip install selenium pip install pyfiglet==0.7.5 Cara Install dan Menjalankannya Git-clone this repo! Install selenium and pyfiglet u

Ahmad Ghozali 1 Mar 01, 2022
An API wrapper around Discord API written in Python

Diskord This library is a maintained fork of now archived library, discord.py. A modern and easy to use API wrapper around Discord API written in Pyth

Diskord 36 Aug 22, 2022
Python wrapper for CoWin API's

Cowin Tracker Python API wrapper for CoWin, India's digital platform launched by the government to help citizens register themselves for the vaccinati

Saiprasad Balasubramanian 43 Jun 11, 2022
Minimal Python client for the Iris API, built on top of Authlib and httpx.

🕸️ Iris Python Client Minimal Python client for the Iris API, built on top of Authlib and httpx. Installation pip install dioptra-iris-client Usage f

Dioptra 1 Jan 28, 2022
NewpaperNews-API - Json data of the news with python

NewsAPI API Documentation BASE_URL = "https://saurav.tech/NewsAPI/" top_headline

Aryaman Prakash 2 Sep 23, 2022
The best Discord bot, created for r/Jailbreak

Bloo Setup instructions These instructions assume you are on macOS or Linux. Windows users, good luck. With Docker (recommended!) You will need the fo

GIR 33 Dec 16, 2022
The worst but simplest webhook bot for GitHub and Matrix.

gh-bot gh-bot is maybe the worst (but simplest) Matrix webhook bot for Github. Example of commits: Example of workflow finished: Setting up Server You

Jae Lo Presti 4 Aug 18, 2022
The official Discord Python framework for thenewboston blockchain.

Project Setup Follow the steps below to set up the project on your environment. Mac Setup Homebrew requires the Xcode command-line tools from Apple's

Bucky Roberts 18 Jul 15, 2022
Discord heximals: More colors for your bot

DISCORD-HEXIMALS More colors for your bot ! Support : okimii#0434 COLORS ( 742 )

4 Feb 04, 2022
NiceHash Python Library and Command Line Rest API

NiceHash Python Library and Command Line Rest API Requirements / Modules pip install requests Required data and where to get it Following data is nee

Ashlin Darius Govindasamy 2 Jan 02, 2022
Trellox Tool is written in Python3 and designed to pull and list Trello boards.

TrelloX Trellox Tool is written in Python3 and designed to list and pull Trello boards. It can be used by penetration testers/bug bounty hunters to de

Ali Fathi Ali Sawehli 1 Dec 05, 2021
Esse script procura qualquer, dados que você queira na wikipedia! Em breve traremos um com dados em toda a internet.

Buscador de dados simples Dependências necessárias Para você poder começar a utilizar esta ferramenta, você vai precisar da dependência "wikipedia", p

Erick Campoy 4 Feb 24, 2022
NFT Generator - A NFT Generator created using Python

NFT_Generator v1 An NFT Generator created using Python. This NFT Generation tool

3 Dec 02, 2022
Use GitHub Actions to create a serverless service.

ActionServerless - Use GitHub Actions to create a serverless service ActionServerless is an action to do some computing and then generate a string/JSO

107 Oct 28, 2022
Properly-formatted dynamic timestamps for Discord messages

discord-timestamps discord-timestamps generates properly-formatted dynamic timestamps for Discord messages, with support for Arrow objects. format

Ben Soyka 2 Mar 10, 2022
Braintree Python library

Braintree Python library The Braintree Python library provides integration access to the Braintree Gateway. TLS 1.2 required The Payment Card Industry

Braintree 230 Dec 18, 2022
Telegram Url Upload Bot With Same more Features ✨

Telegram Url Upload Bot With Same more Features ✨

Group Dc Bots 4 Feb 12, 2022