Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/abuvanth/kicks3
S3 bucket finder from html,js and bucket misconfiguration testing tool
automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/abuvanth/kicks3
- Owner: abuvanth
- License: agpl-3.0
- Archived: true
- Created: 2019-04-18T16:00:26.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-02-10T12:20:00.000Z (over 4 years ago)
- Last Synced: 2024-04-24T13:36:35.730Z (7 months ago)
- Topics: automation, aws, aws-s3, bucket-misconfiguration-testing, bugbounty, s3, s3-bucket-finder, security-tools, storage
- Language: Python
- Homepage:
- Size: 53.7 KB
- Stars: 34
- Watchers: 3
- Forks: 13
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - kicks3 - S3 bucket finder from html,js and bucket misconfiguration testing tool (Miscellaneous / Buckets)
- awesome-sec-s3 - kicks3 - S3 bucket finder from html,js and bucket misconfiguration testing tool (Awesome AWS S3 Security)
README
# kicks3
S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool.
Currently this tool checks five test cases:
1. Object listing for unauthenticated users
2. Object listing for authenticated users
3. Public writable for all AWS users
4. Bucket ACL public read
5. Put Bucket Policy

```
pip install awscli
aws configure
```
Get your AWS keys from the AWS console.
# Installation
```
pip install kick-s3
```
OR
```
git clone https://github.com/abuvanth/kicks3.git
cd kicks3
python setup.py install
```
## Usage
## Demo
[![asciicast](https://asciinema.org/a/265305.svg)](https://asciinema.org/a/265305)
# Single target
```
kicks3.py -u http://target
```
This looks for S3 buckets in HTML and JavaScript files.
# Single bucket
```
kicks3.py -b bucketname
```
Tests a single bucket name.
# Bucket list
```
kicks3.py -bl bucketnamelist.txt
```
# List of websites
```
kicks3.py -u http://target -l sitelist.txt
```
# Authenticated page
```
kicks3.py -u http://target -c 'cookievalues'
```
# Subdomains
```
kicks3.py -u target.com -s 1
```
# Use kicks3 as a module
```
import kicks3

bucketurllist = kicks3.finds3('target.com')
bucketlist = kicks3.get_bucket_name(bucketurllist)
scan_result = kicks3.scan_s3(bucketlist)
for result in scan_result:
    # bucketname(testname), listable_for_unauth_users (true or false),
    # listable_auth_users (true or false), writable (true or false)
    print(result)
```
# Buckets from a text file
```
import kicks3

# Read one bucket name per line, dropping newlines and blank lines
with open('s3.buckets.txt', 'r') as f:
    blist = [line.strip() for line in f if line.strip()]
result = kicks3.scan_s3(blist)
```
# Scan for subdomains
```
import kicks3

# cookies is for authenticated pages
bucketurllist = kicks3.finds3(['target.com'], sub=1, cookies='valueofyoursitescookie')
bucketlist = kicks3.get_bucket_name(bucketurllist)
scan_result = kicks3.scan_s3(bucketlist)
for result in scan_result:
    # bucketname(testname), listable_for_unauth_users (true or false),
    # listable_auth_users (true or false), writable (true or false)
    print(result)
```
Results are stored in the s3out.txt file.

Note: sub and cookies are optional parameters of the finds3 function.