S3Sec tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.
Clone the git repo onto your machine:
git clone https://github.com/0xmoot/s3sec
Check a single S3 instance:
echo “test-instance.s3.amazonaws.com” | python3 s3sec.py
Or:
echo “test-instance” | python3 s3sec.py
Check a list of S3 instances:
cat locations | python3 s3sec.py
To get the most out of this tool you should install the AWS CLI and setup user credentials.
With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:
To install AWS CLI you can simply install using below command:
pip3 install awscli
aws configure
Use the following default settings:
AWS Access Key Id: <>
AWS Secret Access Key: <>
Default region name: ap-south-1
Default output format: json
WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…
Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…
Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…
Pake is an innovative tool designed to convert any webpage into a desktop application with…
Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…
AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…