![Hits](https://camo.githubusercontent.com/19b878ae0cbf2782ea84234807214b0f2120bb4d2b9194aafc803bba949d605b/68747470733a2f2f686974732e736565796f756661726d2e636f6d2f6170692f636f756e742f696e63722f62616467652e7376673f75726c3d68747470732533412532462532466769746875622e636f6d25324670617373776f72643132333435362532466869742d636f756e74657226636f756e745f62673d253233373943383344267469746c655f62673d2532333535353535352669636f6e3d2669636f6e5f636f6c6f723d253233453745374537267469746c653d6869747326656467655f666c61743d66616c7365)
- Simple dictionary based read, write, delete permission audit tool for aws s3 bucket written in python.
- Need to aws-cli (Here get it.)
- The scan result only show 'true/ false /not given'
- if you see the true flag in the result, have to further scanning or do others ways to find out vulnerability.
- Get the ACL of the S3 bucket using aws credential(access_key method) and fix the vulnerable permission.
# pip install requests
# python main.py
##### Scan Completed ####
1,2022-04-12 19:39:52 yours3domain.s3.ap-northeast-1.amazonaws.com [ListObject: False, PutObject: False, DeleteObject: False]
2,2022-04-12 19:39:56 yours3domain.s3.amazonaws.com [ListObject: False, PutObject: False, DeleteObject: False]
##### This is not S3(?). Make sure domain is correct. ####
1,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
2,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
3,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]
4,2022-04-12 19:39:56 nots3domain.com [ListObject: Not_Given, PutObject: Not_Given, DeleteObject: Not_Given]