S3Sec tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.
Clone the git repo onto your machine:
git clone https://github.com/0xmoot/s3sec
Check a single S3 instance:
echo “test-instance.s3.amazonaws.com” | python3 s3sec.py
Or:
echo “test-instance” | python3 s3sec.py
Check a list of S3 instances:
cat locations | python3 s3sec.py
To get the most out of this tool you should install the AWS CLI and setup user credentials.
With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:
To install AWS CLI you can simply install using below command:
pip3 install awscli
aws configure
Use the following default settings:
AWS Access Key Id: <>
AWS Secret Access Key: <>
Default region name: ap-south-1
Default output format: json
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…