S3BucketLeaks – External audit of Amazon S3 bucket configuration to prevent data breaches (offensive side).
The main purpose of this tool is to try to upload and remove a file in the target bucket, to find out whether write permission (upload and/or remove) is granted to everyone even when the listing permission isn’t. Some other features that already exist in many tools are also centralized in this one for convenience.
See the AWS CLI S3 doc (https://docs.aws.amazon.com/cli/latest/reference/s3/index.html#cli-aws-s3) and the AWS CLI S3API doc (https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html#cli-aws-s3api) for more specific commands.
+ Remove test: allow to quit;
+ Check if it is possible to write ACL on bucket and objects (put-bucket-acl & put-object-acl);
+ Allow selecting a keylist to read only interesting files.
+ Python 2 and the awscli Python 2 library.
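For bucket owners, the condition described above (write allowed to everyone while listing is not) can be confirmed from the bucket's own ACL. The following is an added example, not code from S3BucketLeaks: it parses JSON in the shape returned by `aws s3api get-bucket-acl`; the function names and the sample ACL are constructed for illustration.

```python
import json

# Predefined S3 groups that mean "not just the owner".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# What each bucket-level ACL permission lets the grantee do.
EFFECT = {
    "READ": "list objects",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
}

def public_grants(acl_json):
    """Return sorted (audience, permission) pairs granted to public groups."""
    acl = json.loads(acl_json)
    found = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or audience is None:
            continue
        perm = grant.get("Permission")
        # FULL_CONTROL is shorthand for all four permissions.
        perms = EFFECT if perm == "FULL_CONTROL" else [perm]
        found.update((audience, p) for p in perms)
    return sorted(found)

def write_without_list(acl_json):
    """True when a public group can write but has no READ (listing) grant."""
    grants = public_grants(acl_json)
    writers = {a for a, p in grants if p in ("WRITE", "WRITE_ACP")}
    listers = {a for a, p in grants if p == "READ"}
    return bool(writers - listers)

# Constructed sample in the shape of `aws s3api get-bucket-acl` output.
SAMPLE_ACL = json.dumps({
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE"},
    ],
})

if __name__ == "__main__":
    for audience, perm in public_grants(SAMPLE_ACL):
        print("%s may %s (%s)" % (audience, EFFECT[perm], perm))
    print("write without list: %s" % write_without_list(SAMPLE_ACL))
```

ACL grants are only one source of public access; a bucket policy can also allow anonymous writes and has to be reviewed separately.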
Use and Download:
git clone https://github.com/zweisamkeit/S3BucketsLeaks && cd S3BucketsLeaks
pip install awscli