Skip to content

Instantly share code, notes, and snippets.

@jakub-roman jakub-roman/
Last active Jul 3, 2019

What would you like to do?
#!/usr/bin/env python
import sys
import boto3
import random
from colorama import Fore, init
s3 = boto3.client('s3')
def check_public(bucket):
result = s3.get_bucket_acl(Bucket=bucket)
for g in result['Grants']:
if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == '':
return True
return False
def get_all_buckets():
result = s3.list_buckets()
buckets = []
for b in result['Buckets']:
return buckets
def has_auth_read(obj):
for g in obj['Grants']:
if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == '':
return True
return False
def get_random_object(objects, count = 0):
rand = random.randrange(0,len(objects))
if count > 50:
# don't want to retrieve GLACIER files :)
raise Exception("Can't find STANDARD class file")
if objects[rand]['StorageClass'] == 'STANDARD':
return objects[rand]['Key']
count += 1
return get_random_object(objects, count)
#buckets = ['iflix-prod-sku-report', '']
#for b in buckets:
for b in get_all_buckets():
if check_public(b):
print("Bucket %s is public" % b)
print("Bucket %s is not public" % b)
ls = s3.list_objects_v2(Bucket=b)
for i in [1,2,3,4,5]:
content = ls['Contents']
except KeyError:
# empty bucket
print("Bucket %s is empty" % b)
f = get_random_object(content)
if has_auth_read(s3.get_object_acl(Bucket=b, Key=f)):
print("%s File %s has AuthenticatedRead! %s" % (Fore.RED, f, Fore.RESET))
except Exception as e:
print("%s Can't check bucket %s: %s %s" % (Fore.RED, b, e, Fore.RESET))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.