{"id":13846092,"url":"https://github.com/nikhil1232/Bucket-Flaws","last_synced_at":"2025-07-12T04:30:56.091Z","repository":{"id":51226518,"uuid":"232129500","full_name":"nikhil1232/Bucket-Flaws","owner":"nikhil1232","description":"Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations","archived":false,"fork":false,"pushed_at":"2020-07-26T03:21:41.000Z","size":286,"stargazers_count":56,"open_issues_count":1,"forks_count":19,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-05T17:45:39.050Z","etag":null,"topics":["application-security","aws-s3","bucket","bug-bounty","bugbounty","s3","s3-bucket","s3-buckets","security-misconfiguration","wapt"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nikhil1232.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-06T15:28:56.000Z","updated_at":"2024-08-01T23:36:21.000Z","dependencies_parsed_at":"2022-08-23T23:20:12.899Z","dependency_job_id":null,"html_url":"https://github.com/nikhil1232/Bucket-Flaws","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikhil1232%2FBucket-Flaws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikhil1232%2FBucket-Flaws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikhil1232%2FBucket-Flaws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikhil1232%2FBucket-Flaws/manifests","owner_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/owners/nikhil1232","download_url":"https://codeload.github.com/nikhil1232/Bucket-Flaws/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791541,"owners_count":17524804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-security","aws-s3","bucket","bug-bounty","bugbounty","s3","s3-bucket","s3-buckets","security-misconfiguration","wapt"],"created_at":"2024-08-04T17:04:20.134Z","updated_at":"2024-11-21T19:31:09.574Z","avatar_url":"https://github.com/nikhil1232.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# Bucket Flaws (S3 Bucket Mass Scanner)\n## Bucket Flaws: A Simple Lightweight Script that can take a list of bucket names and check for Common S3 Bucket Misconfigurations\n\n![Image of BucketFlaws](https://github.com/nikhil1232/Bucket-Flaws/blob/master/images/upload.png)\n\n\nThis is a very small and light bash script that can take both a list of buckets as well as a single bucket and perform some basic security checks.\n\n## Misconfigurations\n\n### 1) Unauthenticated Bucket Access\n\n- Checks for Directory Listing\n- Tries to upload a file (upload.png)\n\n### 2) Authenticated Bucket Access (This means being authenticated to any AWS account)\n\n#### Bucket Level Checks\n\n- Checks for Directory Listing\n- Checks for some interesting files/folders based on the keywords provided in the sensitive.txt\n- Tries to fetch the Bucket ACL\n- Tries to upload a file (bucket.png)\n- Tries to dump the whole bucket (optional -d 
flag)\n- Tries to modify the Bucket ACL (optional -p flag)\n\n#### Object Level Checks\n\n- Tries to fetch object ACL\n- Tries to fetch object metadata\n- Tries to dump the object (optional)\n- Tries to modify the object ACL\n\n## Usage\n\n### Install Requirements:\n\u003ccode\u003e**pip install -r requirements.txt**\u003c/code\u003e\n\nUsage:\n-u for single bucket\n-f for file containing the list of all the buckets\n-o for performing object level analysis\n-p for changing the bucket ACL if allowed\n-d for dumping the whole bucket if allowed\n-h for help\n\nEg:\u003c/br\u003e \u003ccode\u003e**./bucketflaws.sh -u bucketname**\u003c/code\u003e\u003c/br\u003e\n   \u003ccode\u003e **./bucketflaws.sh -f filepath**\u003c/code\u003e\u003c/br\u003e\n\nFor performing object level checks as well:\u003cbr/\u003e\n   \u003ccode\u003e**./bucketflaws.sh -u bucketname -o**\u003c/code\u003e\u003c/br\u003e\n\nFor modifying Bucket ACL if possible:\u003cbr/\u003e\n    \u003ccode\u003e**./bucketflaws.sh -u bucketname -o -p**\u003c/code\u003e\u003c/br\u003e\n\nPerforms all the checks as well as tries to dump the whole bucket (Recommended way):\u003cbr/\u003e\n  \u003ccode\u003e**./bucketflaws.sh -u bucketname -o -p -d**\u003c/code\u003e\u003c/br\u003e\n\nSame as above but for a list of buckets:\u003cbr/\u003e\n \u003ccode\u003e**./bucketflaws.sh -f filepath -o -p -d**\u003c/code\u003e\u003c/br\u003e\n \nFor storing the output to a txt file:\u003cbr/\u003e\n \u003ccode\u003e**./bucketflaws.sh -f filepath -o -p -d | tee output.txt \u0026\u0026 sed -i 's/\\x1B\\[[0-9;]\\+[A-Za-z]//g' output.txt** \u003c/code\u003e\u003c/br\u003e\n\n\n\n![Image of BucketFlaws -u](https://raw.githubusercontent.com/nikhil1232/Bucket-Flaws/master/images/bucket.png)\n\n![Image of BucketFlaws -f](https://raw.githubusercontent.com/nikhil1232/Bucket-Flaws/master/images/bucket-list.png)\n\n## 
Walkthrough\n\n[![Bucket-Flaws](https://i.ibb.co/ZS8YtG8/https-drive-google.jpg)](https://drive.google.com/file/d/1C56TP4ZB99b6vMcEI8vLxyfCHE-kCUgR/preview \"Bucket-Flaws\")\n\n**NOTE: For the Authenticated Check you need to make sure you have configured your AWS CLI.**\n\nRefer to this link for configuring the AWS CLI:\nhttps://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikhil1232%2FBucket-Flaws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnikhil1232%2FBucket-Flaws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikhil1232%2FBucket-Flaws/lists"}