
Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.


objectify-s3

Objectify-s3 is a fully automated scanner that recursively scans all AWS S3 buckets and objects in your AWS account for misconfigured permissions. Unlike most S3 auditing tools, which only show bucket policy misconfigurations, this one also checks object-level ACLs, recursively.
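
The object-level check described above, as an added example that is not objectify-s3's own code: it parses the JSON that `aws s3api get-object-acl` returns and flags grants made to the two predefined public grantee groups. The function names, severity labels and sample ACLs are constructed for illustration.

```ruby
require "json"

# Predefined S3 grantee groups that make a grant effectively public.
PUBLIC_GROUPS = {
  "http://acs.amazonaws.com/groups/global/AllUsers" => "anyone on the internet",
  "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" => "any AWS account"
}.freeze

# Permissions that let the grantee change data or the ACL itself.
WRITE_LIKE = %w[WRITE WRITE_ACP FULL_CONTROL].freeze

# Takes the JSON printed by `aws s3api get-object-acl` (or get-bucket-acl)
# and returns one finding per grant made to a public group.
def public_grants(acl_json)
  acl = JSON.parse(acl_json)
  (acl["Grants"] || []).filter_map do |grant|
    grantee = grant["Grantee"] || {}
    audience = PUBLIC_GROUPS[grantee["URI"]] if grantee["Type"] == "Group"
    next unless audience
    perm = grant["Permission"]
    { audience: audience, permission: perm,
      severity: WRITE_LIKE.include?(perm) ? :high : :medium }
  end
end

# Audits a { "bucket/key" => acl_json } map and keeps only keys with findings.
def audit(acls)
  acls.transform_values { |json| public_grants(json) }
      .reject { |_key, findings| findings.empty? }
end

# Constructed sample ACLs (hypothetical bucket, keys and owner ID).
SAMPLE_ACLS = {
  "example-bucket/private/report.pdf" => JSON.generate(
    "Grants" => [{ "Grantee" => { "Type" => "CanonicalUser", "ID" => "EXAMPLE-OWNER-ID" },
                   "Permission" => "FULL_CONTROL" }]),
  "example-bucket/uploads/logo.png" => JSON.generate(
    "Grants" => [{ "Grantee" => { "Type" => "Group",
                                  "URI" => "http://acs.amazonaws.com/groups/global/AllUsers" },
                   "Permission" => "READ" }]),
  "example-bucket/uploads/form.html" => JSON.generate(
    "Grants" => [{ "Grantee" => { "Type" => "Group",
                                  "URI" => "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" },
                   "Permission" => "WRITE_ACP" }])
}.freeze

audit(SAMPLE_ACLS).each do |key, findings|
  findings.each { |f| puts "#{f[:severity]} #{key}: #{f[:permission]} -> #{f[:audience]}" }
end
```

A bucket whose policy and bucket ACL look private can still hold objects like the second and third samples, which is why the per-object pass matters.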

Requirements

  1. Ruby (comes preinstalled on Mac and most Linux distributions)
  2. awscli (objectify-s3 will install it if not found)
  3. Git (comes preinstalled on all Mac and Linux distributions)

Installation

  • First, remove any previous copy (this also deletes an earlier out.html report stored there)
rm -rf ~/objectify-s3
  • Then, use this one-liner
cd ~; git clone https://github.com/emgaurav/objectify-s3.git; cd objectify-s3; bash setup.sh
  • Finally, run source ~/.bashrc or source ~/.zshrc, depending on your shell, to load the alias. Alternatively, you can close and reopen your terminal window.

Usage

  • To run a fully automated scan
objectify-s3
  • To scan a single bucket
objectify-s3 -b bucket-name
  • To scan a list of buckets
objectify-s3 -r /full/path/to/file.txt

An HTML report is generated and stored at ~/objectify-s3/out.html

Note: You must provide the full path to the file, even if it is in your current directory.
objectify-s3 runs with the 'default' AWS credentials profile. Custom profiles are not supported yet.

Press Ctrl + \ to skip finding objects in the current bucket or directory.

Sample Output

[Screenshot of sample scan output]

Supported Platforms

  1. Linux
  2. Mac

Credits/References

https://faraday.ai/blog/finding-public-s3-objects/