s3_audit

Simple dictionary based read, write, delete permission audit tool for aws s3 bucket written in python.
Need to aws-cli (Here get it.)
The scan result only show 'true/ false /not given'
if you see the true flag in the result, have to further scanning or do others ways to find out vulnerability.
Get the ACL of the S3 bucket using aws credential(access_key method) and fix the vulnerable permission.

Documentation

# pip install requests
# python main.py

Output

##### Scan Completed ####
1,2022-04-12 19:39:52 yours3domain.s3.ap-northeast-1.amazonaws.com [ListObject: False, PutObject: False, DeleteObject: False]
2,2022-04-12 19:39:56 yours3domain.s3.amazonaws.com [ListObject: False, PutObject: False, DeleteObject: False]

##### This is not S3(?). Make sure domain is correct. ####
1,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
2,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
3,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
4,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
7749.html		7749.html
README.md		README.md
domain.txt		domain.txt
main.py		main.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

7749.html

7749.html

README.md

README.md

domain.txt

domain.txt

main.py

main.py

requirements.txt

requirements.txt

Repository files navigation

s3_audit

Documentation

Output

About

Releases

Packages

Languages

password123456/s3-audit

Folders and files

Latest commit

History

Repository files navigation

s3_audit

Documentation

Output

About

Topics

Resources

Stars

Watchers

Forks

Languages