s3sec: Test AWS S3 buckets for read/write/delete access
Test AWS S3 buckets for read/write/delete access
This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.
git clone https://github.com/0xmoot/s3sec.git
Setup AWS CLI & Credentials (optional)
To get the most out of this tool you should install the AWS CLI and set up user credentials.
With AWS CLI a series of deeper tests (including unsigned read, writing files, and deleting files) is activated:
Installing AWS CLI on Kali Linux
To install AWS CLI you can simply install using the below command:
pip3 install awscli
Getting AWS Credentials (Access Key ID and AWS Secret Access Key)
Sign up for Amazon’s AWS from their official website: https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc
Login to your AWS account and click on My Security Credentials.
Click on Access Keys (access key id and secret access key) to get your login credentials for AWS CLI.
Then click on the Show Access Key option to get your Access Key ID and Secret Access Key or you can download it as well.
Configuring AWS CLI on Kali Linux
- Start a terminal and enter the below commands then enter the AWS Access Key ID and AWS Secret Access Key that was created in previous steps.
Use the following default settings:AWS Access Key Id: <<Your Key>>
AWS Secret Access Key: <<Your Secret Access Key>>
Default region name: ap-south-1
Default output format: json
Copyright (C) 2022 0xmoot