Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/abuvanth/kicks3
S3 bucket finder from html,js and bucket misconfiguration testing tool
https://github.com/abuvanth/kicks3
automation aws aws-s3 bucket-misconfiguration-testing bugbounty s3 s3-bucket-finder security-tools storage
Last synced: about 1 month ago
JSON representation
S3 bucket finder from html,js and bucket misconfiguration testing tool
- Host: GitHub
- URL: https://github.com/abuvanth/kicks3
- Owner: abuvanth
- License: agpl-3.0
- Archived: true
- Created: 2019-04-18T16:00:26.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-02-10T12:20:00.000Z (almost 5 years ago)
- Last Synced: 2024-04-24T13:36:35.730Z (8 months ago)
- Topics: automation, aws, aws-s3, bucket-misconfiguration-testing, bugbounty, s3, s3-bucket-finder, security-tools, storage
- Language: Python
- Homepage:
- Size: 53.7 KB
- Stars: 34
- Watchers: 3
- Forks: 13
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - kicks3 - S3 bucket finder from html,js and bucket misconfiguration testing tool (Miscellaneous / Buckets)
- awesome-sec-s3 - kicks3 - S3 bucket finder from html,js and bucket misconfiguration testing tool (Awesome AWS S3 Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/mxm0z/awesome-sec-s3))
README
# kicks3
S3 bucket finder from html,js and bucket misconfiguration testing tool.
Currently this tool check five testcases
1. Object listing for Unauthenticated users
2. Object listing for Authenticated users
3. Public writable for all aws users
4. Bucket Acl public read
5. Put Bucket Policy
pip install awscli
aws configure
### get your aws keys from aws console
# Installation
pip install kick-s3
# OR
git clone https://github.com/abuvanth/kicks3.git
cd kicks3
python setup.py install
## Usage
##demo
[![asciicast](https://asciinema.org/a/265305.svg)](https://asciinema.org/a/265305)# single target
kicks3.py -u http://target
this will looking for s3 buckets in html and javascript files.# Single Bucket
kicks3.py -b bucketname
test single bucket name# Bucket list
kicks3.py -bl bucketnamelist.txt
# list of websites
kicks3.py -u http://target -l sitelist.txt
# authenticated page
kicks3.py -u http://target -c 'cookievalues'
# subdomains
kicks3.py -u target.com -s 1
# Use kicks3 as a module
```
import kicks3bucketurllist=kicks3.finds3('target.com')
bucketlist=kicks3.get_bucket_name(bucketurllist)
scan_result=kicks3.scan_s3(bucketlist)for result in scan_result:
print(result)#bucketname(testname),listable_for_unauth_users(true or false),listable_auth_users(true or false),writable(true or false)
```# buckets from text file
```
import kicks3
blist=open('s3.buckets.txt','r').readlines()
result=kicks3.scan_s3(blist)
```
# Scan for subdomains
```
bucketurllist=kicks3.finds3(['target.com'],sub=1,cookies='valueofyoursitescookie') #cookies for authenticated pages,
bucketlist=kicks3.get_bucket_name(bucketurllist)
scan_result=kicks3.scan_s3(bucketlist)for result in scan_result:
print(result)#bucketname(testname),listable_for_unauth_users(true or false),listable_auth_users(true or false),writable(true or false)
```## results are stored in s3out.txt file.
Note: sub and cookies are optional parameters of finds3 function