S3Sec tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs.
Clone the git repo onto your machine:
git clone https://github.com/0xmoot/s3sec
Check a single S3 instance:
echo “test-instance.s3.amazonaws.com” | python3 s3sec.py
Or:
echo “test-instance” | python3 s3sec.py
Check a list of S3 instances:
cat locations | python3 s3sec.py
To get the most out of this tool you should install the AWS CLI and setup user credentials.
With AWS CLI a series of deeper tests (including unsigned read, writing files and deleting files) is activated:
To install AWS CLI you can simply install using below command:
pip3 install awscli
aws configure
Use the following default settings:
AWS Access Key Id: <>
AWS Secret Access Key: <>
Default region name: ap-south-1
Default output format: json
Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…
Docker is an open-source platform that lets you package and run applications inside containers. Each container…
PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…
Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…
Apache Tomcat is an open-source web server and Java servlet container. It is one of the…
Keeping your Ubuntu system updated is one of the best ways to protect it. Security…