S3 Objects Check on offsec.tools

S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
#aws   #buckets   #cloud  

Allows identifying publicly accessible objects, as well as objects accessible for AuthenticatedUsers (by using a secondary profile). A number of tools exist which check permissions on buckets, but due to the complexity of IAM resource policies and ACL combinations, the effective permissions on specific objects is often hard to assess. The tool runs fast as it uses asyncio and aiobotocore.