This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

S3 Naked In Public


Example code to list all S3 buckets, in the default configured region, whose ACL contains a URI grant to the ..global/AllUsers group.

NOTE: These code examples were created back in 2018 and should be tested before use. I'm open to accepting PRs to improve them. This repository was created with minimalist examples that can work as a starting point.

News articles continue to come out about "leaky AWS S3" ("AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank"), "leaving a server unsecured", and S3 configurations "without a password" ("A Washington ISP exposed the 'keys to the kingdom' after leaving a server unsecured").

Apple (which had a URI grant to ..global/AllUsers, exactly what my example code looks for), along with many other companies, has messed this up before.

What do these articles have in common? "Unsecured" and "without a password" are lingo for AWS S3 buckets configured with public access. At the very least, do a basic audit of your S3 buckets and make sure you aren't doing the same, unless a bucket is public on purpose; otherwise it means free downloads for anyone who finds it.

Some S3 Basic Examples

Let's say we have a bucket, and it has a Public access ACL granted to it.

Bash Shell Script Example

Running the shell script example (a wrapper around the AWS CLI):

```bash
./s3nakedinpublic.sh
```

This example script outputs every bucket whose ACL contains a Public grant (specifically, to global/AllUsers):

```bash
./s3nakedinpublic.sh
uhohthisisbad
```
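The same check in Python, as an added example that is not the repository's shell script: it runs over the JSON that `aws s3api get-bucket-acl` returns and, going one step beyond the script above, also reports grants to the AuthenticatedUsers group. The bucket names and ACL documents in it are constructed sample data; `--live` assumes a configured AWS CLI on the path.

```python
"""Report S3 bucket ACL grants to the public AllUsers / AuthenticatedUsers groups.
Added example, not the repository's script: works on the JSON that
`aws s3api get-bucket-acl` returns. Sample bucket names and ACLs are constructed."""
import json
import subprocess
import sys

# AWS-defined group URIs that appear in S3 ACL grants.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTHENTICATED_USERS: "AuthenticatedUsers"}

def public_grants(acl):
    """Return [(group, permission)] for each grant to a public group in one ACL."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return found

def audit(acls):
    """Map bucket name -> public grants, keeping only buckets that have any."""
    result = {}
    for name, acl in acls.items():
        grants = public_grants(acl)
        if grants:
            result[name] = grants
    return result

# Constructed sample data: a private bucket and the README's "uhohthisisbad" case.
OWNER = {"Type": "CanonicalUser", "ID": "owner-canonical-id"}
SAMPLE_ACLS = {
    "private-bucket": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "uhohthisisbad": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]},
}

def fetch_acls_with_cli():
    """Pull real ACLs through the AWS CLI (needs credentials); same shape as SAMPLE_ACLS."""
    out = json.loads(subprocess.check_output(["aws", "s3api", "list-buckets"]))
    return {b["Name"]: json.loads(subprocess.check_output(
        ["aws", "s3api", "get-bucket-acl", "--bucket", b["Name"]])) for b in out["Buckets"]}

if __name__ == "__main__":
    # `--live` scans the account through the CLI; otherwise the sample data is checked.
    for name, grants in audit(fetch_acls_with_cli() if "--live" in sys.argv else SAMPLE_ACLS).items():
        print(name, grants)
```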

Walking Through The AWS Management Console

In this case, uhohthisisbad is the S3 bucket the script found. What does that look like in the AWS console? For one, the bucket list can be sorted by "Public" buckets.

The dead giveaway is the "Public" icon shown next to the bucket.

Within the ACL permissions of the bucket, the grant to the AllUsers group is listed under the bucket's permissions.

How do you fix this? AWS has made it as easy as possible. It can be changed on the bucket itself, under the bucket's permissions.

You can also do this with less running around, and in bulk, by selecting several buckets in the bucket list and editing their public access settings together.

You can also do this account wide, but you'd have to be absolutely certain that it won't break functionality where public access was granted intentionally, for serving files for download or other purposes.

Afterwards, the big "Public" label is no longer on our bucket.

And the ACL no longer contains the AllUsers grant.

Best Practice

Some kind of monitoring should be in place in the account to alert when a bucket or its contents are modified to gain public access, or when new buckets are created with public permissions.

Some resources to look at:

Additional Resources

Scan and Dump Tool Examples