S3Sec tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.
Clone the git repo onto your machine:
git clone https://github.com/0xmoot/s3sec
Check a single S3 instance:
echo “test-instance.s3.amazonaws.com” | python3 s3sec.py
Or:
echo “test-instance” | python3 s3sec.py
Check a list of S3 instances:
cat locations | python3 s3sec.py
To get the most out of this tool you should install the AWS CLI and setup user credentials.
With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:
To install AWS CLI you can simply install using below command:
pip3 install awscli
aws configure
Use the following default settings:
AWS Access Key Id: <>
AWS Secret Access Key: <>
Default region name: ap-south-1
Default output format: json
Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…