Merge pull request #294 from lanjelot/add-s3-objects-check

Add tool nccgroup/s3_objects_check
2024-11-10 15:14:34 +00:00 · 2020-11-29 19:25:07 +01:00 · 2020-11-29 19:25:07 +01:00 · 3314f8bd99
commit 3314f8bd99
parent 7cd34d4ffa bca107cc64
2 changed files with 40 additions and 33 deletions
--- a/S3/README.md
+++ b/S3/README.md
@ -2,7 +2,6 @@

 ## Summary

- [Tools](#tools)
 - [AWS Configuration](#aws-configuration)
 - [Open Bucket](#open-bucket)
 - [Basic tests](#basic-tests)
@ -13,35 +12,6 @@
 - [AWS - Extract Backup](#aws---extract-backup)
 - [Bucket juicy data](#bucket-juicy-data)

-## Tools
-
- [Pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments](https://github.com/RhinoSecurityLabs/pacu)
- [Bucket Finder - Search for readable buckets and list all the files in them](https://digi.ninja/)
-	```powershell
-	wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2
-	./bucket_finder.rb my_words
-	./bucket_finder.rb --region ie my_words
-		US Standard         = http://s3.amazonaws.com
-		Ireland             = http://s3-eu-west-1.amazonaws.com
-		Northern California = http://s3-us-west-1.amazonaws.com
-		Singapore           = http://s3-ap-southeast-1.amazonaws.com
-		Tokyo               = http://s3-ap-northeast-1.amazonaws.com
-
-	./bucket_finder.rb --download --region ie my_words
-	./bucket_finder.rb --log-file bucket.out my_words
-	```
- [Boto3 - Amazon Web Services (AWS) SDK for Python](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html)
-	```python
-	import boto3
-	# Create an S3 client
-	s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1')
-
-	try:
-		result = s3.list_buckets()
-		print(result)
-	except Exception as e:
-		print(e)
-	```

 ## AWS Configuration

--- a/Resources/Cloud
+++ b/Resources/Cloud
@ -36,7 +36,7 @@

 ## Tools

-* **SkyArk** - Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins.   
+* **SkyArk** : Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins.   
    Require:
    - Read-Only permissions over IAM service

@ -52,7 +52,7 @@
    PS C> Scan-AWShadowAdmins  
    ```

-* **Pacu** - Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set.    
+* **Pacu** : Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set.    
    Require:
    - AWS Keys

@ -68,6 +68,34 @@
    # https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details
    ```

+* **Bucket Finder** : Search for readable buckets and list all the files in them https://digi.ninja/
+	```powershell
+	wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2
+	./bucket_finder.rb my_words
+	./bucket_finder.rb --region ie my_words
+		US Standard         = http://s3.amazonaws.com
+		Ireland             = http://s3-eu-west-1.amazonaws.com
+		Northern California = http://s3-us-west-1.amazonaws.com
+		Singapore           = http://s3-ap-southeast-1.amazonaws.com
+		Tokyo               = http://s3-ap-northeast-1.amazonaws.com
+
+	./bucket_finder.rb --download --region ie my_words
+	./bucket_finder.rb --log-file bucket.out my_words
+	```
+
+* **Boto3** : Amazon Web Services (AWS) SDK for Python https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
+	```python
+	import boto3
+	# Create an S3 client
+	s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1')
+
+	try:
+		result = s3.list_buckets()
+		print(result)
+	except Exception as e:
+		print(e)
+	```
+
 * **Prowler** : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100).    
    Require:
    - arn:aws:iam::aws:policy/SecurityAudit
@ -106,7 +134,7 @@
    pmapper argquery --principal '*' --resource user/PowerUser --preset connected
    ```

-* **ScoutSuite** : https://github.com/nccgroup/ScoutSuite/wiki
+* **ScoutSuite** : Multi-Cloud Security Auditing Tool https://github.com/nccgroup/ScoutSuite/wiki
    ```powershell
    $ git clone https://github.com/nccgroup/ScoutSuite
    $ python scout.py PROVIDER --help
@ -115,6 +143,15 @@
    $ python scout.py azure --cli
    ```

+* **s3_objects_check** : Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
+    ```powershell
+    $ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check
+    $ python3 -m venv env && source env/bin/activate
+    $ pip install -r requirements.txt
+    $ python s3-objects-check.py -h
+    $ python s3-objects-check.py -p whitebox-profile -e blackbox-profile
+    ```
+
 * **weirdAAL** : AWS Attack Library https://github.com/carnal0wnage/weirdAAL/wiki
    ```powershell
    python3 weirdAAL.py -m ec2_describe_instances -t demo