jakub-roman/buckets.py

## buckets.py
#!/usr/bin/env python

import sys
import boto3
import random
from colorama import Fore, init

init()
s3 = boto3.client('s3')

def check_public(bucket):
  result = s3.get_bucket_acl(Bucket=bucket)
  for g in result['Grants']:
    if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AllUsers':
      return True
  return False

def get_all_buckets():
  result = s3.list_buckets()
  buckets = []
  for b in result['Buckets']:
    buckets.append(b['Name'])
  return buckets

def has_auth_read(obj):
  for g in obj['Grants']:
    if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers':
      return True
  return False

def get_random_object(objects, count = 0):
  rand = random.randrange(0,len(objects))
  if count > 50:
    # don't want to retrieve GLACIER files :)
    raise Exception("Can't find STANDARD class file")
  if objects[rand]['StorageClass'] == 'STANDARD':
    return objects[rand]['Key']
  else:
    count += 1
    return get_random_object(objects, count)


#buckets = ['iflix-prod-sku-report', 'piay.iflix.com']
#for b in buckets:
for b in get_all_buckets():
  try:
    if check_public(b):
      print("Bucket %s is public" % b)
    else:
      print("Bucket %s is not public" % b)
      ls = s3.list_objects_v2(Bucket=b)
      for i in [1,2,3,4,5]:
        try:
          content = ls['Contents']
        except KeyError:
          # empty bucket
          print("Bucket %s is empty" % b)
          break
        f = get_random_object(content)
        if has_auth_read(s3.get_object_acl(Bucket=b, Key=f)):
          print("%s File %s has AuthenticatedRead! %s" % (Fore.RED, f, Fore.RESET))
          break
  except Exception as e:
    print("%s Can't check bucket %s: %s %s" % (Fore.RED, b, e, Fore.RESET))
	#!/usr/bin/env python

	import sys
	import boto3
	import random
	from colorama import Fore, init

	init()
	s3 = boto3.client('s3')

	def check_public(bucket):
	result = s3.get_bucket_acl(Bucket=bucket)
	for g in result['Grants']:
	if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AllUsers':
	return True
	return False

	def get_all_buckets():
	result = s3.list_buckets()
	buckets = []
	for b in result['Buckets']:
	buckets.append(b['Name'])
	return buckets

	def has_auth_read(obj):
	for g in obj['Grants']:
	if g['Grantee']['Type'] == 'Group' and g['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers':
	return True
	return False

	def get_random_object(objects, count = 0):
	rand = random.randrange(0,len(objects))
	if count > 50:
	# don't want to retrieve GLACIER files :)
	raise Exception("Can't find STANDARD class file")
	if objects[rand]['StorageClass'] == 'STANDARD':
	return objects[rand]['Key']
	else:
	count += 1
	return get_random_object(objects, count)


	#buckets = ['iflix-prod-sku-report', 'piay.iflix.com']
	#for b in buckets:
	for b in get_all_buckets():
	try:
	if check_public(b):
	print("Bucket %s is public" % b)
	else:
	print("Bucket %s is not public" % b)
	ls = s3.list_objects_v2(Bucket=b)
	for i in [1,2,3,4,5]:
	try:
	content = ls['Contents']
	except KeyError:
	# empty bucket
	print("Bucket %s is empty" % b)
	break
	f = get_random_object(content)
	if has_auth_read(s3.get_object_acl(Bucket=b, Key=f)):
	print("%s File %s has AuthenticatedRead! %s" % (Fore.RED, f, Fore.RESET))
	break
	except Exception as e:
	print("%s Can't check bucket %s: %s %s" % (Fore.RED, b, e, Fore.RESET))