GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nikhil1232 → Bucket-Flaws

nikhil1232 / Bucket-Flaws

Licence: other
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Programming Languages

shell
77523 projects

Labels

aws-s3s3s3-bucketbucketbug-bountyapplication-securitybugbountys3-bucketswaptsecurity-misconfiguration

Projects that are alternatives of or similar to Bucket-Flaws

BlobHelper
BlobHelper is a common, consistent storage interface for Microsoft Azure, Amazon S3, Komodo, Kvpbase, and local filesystem written in C#.
Stars: ✭ 23 (-46.51%)
Mutual labels:  aws-s3, s3, s3-bucket
flask-drive
A simple Flask app to upload and download files off Amazon's S3
Stars: ✭ 23 (-46.51%)
Mutual labels:  aws-s3, s3, s3-bucket
Subdomainizer
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+2027.91%)
Mutual labels:  s3-bucket, bug-bounty, bugbounty
s3cli
Command line tool for S3
Stars: ✭ 21 (-51.16%)
Mutual labels:  aws-s3, s3, bucket
Aws Scanner
Scans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (+116.28%)
Mutual labels:  aws-s3, s3-bucket, bugbounty
Rfi Lfi Payload List
🎯 RFI/LFI Payload List
Stars: ✭ 202 (+369.77%)
Mutual labels:  bug-bounty, application-security, bugbounty
ionic-image-upload
Ionic Plugin for Uploading Images to Amazon S3
Stars: ✭ 26 (-39.53%)
Mutual labels:  aws-s3, s3, s3-bucket
Cloudexplorer
Cloud Explorer
Stars: ✭ 170 (+295.35%)
Mutual labels:  s3, s3-bucket, bucket
Minio Hs
MinIO Client SDK for Haskell
Stars: ✭ 39 (-9.3%)
Mutual labels:  aws-s3, s3, s3-bucket
Goofys
a high-performance, POSIX-ish Amazon S3 file system written in Go
Stars: ✭ 3,932 (+9044.19%)
Mutual labels:  aws-s3, s3, s3-bucket
simply-static-deploy
WordPress plugin to deploy static sites easily to an AWS S3 bucket.
Stars: ✭ 48 (+11.63%)
Mutual labels:  aws-s3, s3, s3-bucket
0x4447 product s3 email
📫 A serverless email server on AWS using S3 and SES
Stars: ✭ 2,905 (+6655.81%)
Mutual labels:  aws-s3, s3, s3-bucket
Sbt S3 Resolver
☁️Amazon S3-based resolver for sbt
Stars: ✭ 112 (+160.47%)
Mutual labels:  aws-s3, s3, s3-bucket
s3-fuzzer
🔐 A concurrent, command-line AWS S3 Fuzzer. Written in Go.
Stars: ✭ 43 (+0%)
Mutual labels:  aws-s3, s3, bucket
django-s3file
A lightweight file upload input for Django and Amazon S3
Stars: ✭ 66 (+53.49%)
Mutual labels:  aws-s3, s3
s3cr3t
A supercharged S3 reverse proxy
Stars: ✭ 55 (+27.91%)
Mutual labels:  s3, s3-bucket
mlflow-tracking-server
MLFLow Tracking Server based on Docker and AWS S3
Stars: ✭ 59 (+37.21%)
Mutual labels:  aws-s3, s3-bucket
terraform-s3-user
A Terraform module that creates a tagged S3 bucket and an IAM user/key with access to the bucket
Stars: ✭ 20 (-53.49%)
Mutual labels:  s3, bucket
awesome-storage
A curated list of storage open source tools. Backups, redundancy, sharing, distribution, encryption, etc.
Stars: ✭ 324 (+653.49%)
Mutual labels:  s3, s3-bucket
S3Scan
Script to spider a website and find publicly open S3 buckets
Stars: ✭ 21 (-51.16%)
Mutual labels:  aws-s3, s3-bucket
View All Similar Projects ➔

Bucket Flaws (S3 Bucket Mass Scanner)

Bucket Flaws: A Simple Lightweight Script that can take a list of bucket names and check for Common S3 Bucket Misconfigurations

Image of BucketFlaws

This is a very small and light bash script that can take both a list of buckets as well a single bucket and perform some basic security checks.

Misconfigurations

1) Unauthenticated Bucket Access

  • Checks for Directory Listing
  • Tries to upload a file (upload.png)

2) Authenticated Bucket Access (This means being authenticated to any aws account)

Bucket Level Checks

  • Checks for Directory Listing
  • Checks for some interesting files/folders based on the keywords provided in the sensitive.txt
  • Tries to fetch the Bucket ACL
  • Tries to upload a file (bucket.png)
  • Tries to dump the whole bucket (optional -d flag)
  • Tries to modify the Bucket ACL (optional -p flag)

Object Level Checks

  • Tries to fetch object ACL
  • Tries to fetch object metadata
  • Tries to dump the object (optional)
  • Tries to modify the object ACL

Usage

Install Reqirements:

pip install -r requirements.txt

Usage: -u for single bucket -f for file containing the list of all the buckets -o for performing object level analysis -p for changing the bucket ACL if allowed -d for dumping the whole bucket if allowed -h for help

Eg:
./bucketflaws.sh -u bucketname
./bucketflaws.sh -f filepath

For performing object level checks as well:
./bucketflaws.sh -u bucketname -o

For modifying Bucket ACL if possible:
./bucketflaws.sh -u bucketname -o -p

Performs all the checks as well as tries to dump the whole bucket(Recommended way):
./bucketflaws.sh -u bucketname -o -p -d

Same as above but for a list of buckets:
./bucketflaws.sh -f filepath -o -p -d

For storing the output to a txt file:
./bucketflaws.sh -f filepath -o -p -d | tee output.txt && sed -i 's/\x1B[[0-9;]+[A-Za-z]//g' output.txt

Image of BucketFlaws -u

Image of BucketFlaws -f

Walkthrough

Bucket-Flaws

NOTE: For Authenticated Check you need to make sure you have configured your aws cli.

Refer this link for configuring AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].