#!/usr/bin/env python | |
import sys | |
import boto3 | |
import random | |
from colorama import Fore, init | |
# One S3 client shared by every helper below; credentials and region are
# whatever boto3 resolves by default for the environment running the audit.
s3 = boto3.client('s3')

# colorama setup so the Fore.* colour codes in the report lines render
# consistently across terminals.
init()
def check_public(bucket):
    """Return True if the bucket ACL has any grant to the AllUsers group.

    Only the bucket ACL is read (``get_bucket_acl``). Any permission granted
    to AllUsers counts, since the permission field is not inspected. A False
    result is therefore an ACL finding only: this function does not look at
    bucket policies, Block Public Access settings, or grants to the
    AuthenticatedUsers group.
    """
    all_users_uri = 'http://acs.amazonaws.com/groups/global/AllUsers'
    acl = s3.get_bucket_acl(Bucket=bucket)
    return any(
        grant['Grantee']['Type'] == 'Group'
        and grant['Grantee']['URI'] == all_users_uri
        for grant in acl['Grants']
    )
def get_all_buckets():
    """Return the names of the buckets returned by ``list_buckets``.

    The list covers only buckets visible to the credentials the shared
    client is using.
    """
    return [entry['Name'] for entry in s3.list_buckets()['Buckets']]
def has_auth_read(obj):
    """Return True if an ACL response grants anything to AuthenticatedUsers.

    ``obj`` is an ACL response dict with a ``Grants`` list. The match is on
    the grantee group only; the permission is not inspected, so WRITE or
    FULL_CONTROL grants are reported the same way as READ. The
    AuthenticatedUsers group means any AWS account holder, not just
    principals in the bucket owner's account.
    """
    authenticated_uri = 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
    return any(
        grant['Grantee']['Type'] == 'Group'
        and grant['Grantee']['URI'] == authenticated_uri
        for grant in obj['Grants']
    )
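def get_random_object(objects, count = 0):
    """Return the key of a randomly chosen STANDARD-class object.

    The candidates are filtered first and one is drawn from them, so a
    bucket holding mostly archived objects no longer fails just because
    repeated random draws happened to miss the few STANDARD ones, and an
    empty listing raises the same error instead of a ``ValueError`` from
    ``randrange``.

    Args:
        objects: entries from a ``list_objects_v2`` ``Contents`` list; each
            needs ``Key`` and is expected to carry ``StorageClass``.
        count: kept for backward compatibility with the earlier retry-based
            implementation; it is no longer used.

    Raises:
        Exception: when no object has storage class STANDARD.
    """
    # Archived classes (e.g. GLACIER) are skipped on purpose: the audit only
    # samples objects that are directly retrievable.
    standard = [o for o in objects if o.get('StorageClass') == 'STANDARD']
    if not standard:
        raise Exception("Can't find STANDARD class file")
    return random.choice(standard)['Key']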
# Audit every bucket the credentials can list. To audit a fixed set instead,
# iterate over an explicit list of bucket names here.
for b in get_all_buckets():
    try:
        acl_line = "Bucket %s is public" if check_public(b) else "Bucket %s is not public"
        print(acl_line % b)

        # NOTE(review): object sampling is run for every bucket, whatever the
        # ACL result above - confirm this matches the intended nesting.
        # A single list_objects_v2 call returns only the first page of keys,
        # so the sample is drawn from that page, not the whole bucket.
        listing = s3.list_objects_v2(Bucket=b)
        if 'Contents' not in listing:
            # empty bucket
            print("Bucket %s is empty" % b)
            continue

        # Spot-check up to five random objects and stop at the first hit.
        # This is a sample: no hit does not prove that no object in the
        # bucket carries an AuthenticatedUsers grant.
        for _ in range(5):
            key = get_random_object(listing['Contents'])
            object_acl = s3.get_object_acl(Bucket=b, Key=key)
            if has_auth_read(object_acl):
                print("%s File %s has AuthenticatedRead! %s" % (Fore.RED, key, Fore.RESET))
                break
    except Exception as e:
        # Best effort per bucket: report the failure (access denied, wrong
        # region, no STANDARD objects, ...) and carry on with the next one.
        print("%s Can't check bucket %s: %s %s" % (Fore.RED, b, e, Fore.RESET))