Skip to content
main
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Jun 1, 2021
Jun 1, 2021

Red-Bucket

Red-Bucket

Lightspin S3 Bucket Scanner

Description

Scan your S3 Buckets for public access and cross-account attack discovered by Lightspin's Security Research Team.

The tool analyzes the following:

  • Bucket's block public access settings
  • Bucket policy and ACL
  • Object ACL

Our Research

Link to the full security research blog - part 1

Link to the full security research blog - part 2

Requirements

Red-Bucket is built with Python 3 and Boto3.

The tool requires:

Installation

sudo git clone https://github.com/lightspin-tech/red-bucket.git
cd red-bucket
pip3 install -r requirements.txt

Usage

python3 main.py [output-csv-path] [AWS-Access-Key-id] [AWS-Aecret-Access-Key]

Notes

  • In buckets with more that 1000 objects, the value of "objects amount" will be 1000+.
  • The tool does not drill down to the object level in buckets that have more than 100 objects. if you want to change it you can edit the get_doc_objects function in the code locally to the desired number (999 max)

Contact Us

This research was held by Lightspin's Security Research Team. For more information, contact us at support@lightspin.io.

License

This repository is available under the Apache License 2.0.

About

No description, website, or topics provided.

Resources

License

Releases

No releases published

Packages

No packages published

Languages