@skwashd
Last active July 20, 2017 10:57
Don't be the next Dow Jones

I'm not Dow Jones

This script will audit your S3 buckets and flag those with configuration that might cause you to be the next Dow Jones.

Quick Start

  • Clone this gist - git clone https://gist.github.com/8bfcd7096558044dc84689ac05575fa8.git im-not-dow-jones
  • Change into the newly created directory - im-not-dow-jones
  • Install the dependencies - pip install -r requirements.txt
  • Set up your AWS credentials - aws configure (The account will need full access to your S3 buckets)
  • Set the execute bit on the script - chmod +x im-not-dow-jones.py
  • Run the script - ./im-not-dow-jones.py > s3-audit.csv

Disclaimer

I am not associated with Dow Jones. This script is not endorsed by Dow Jones. I'm sure Dow Jones wish they had a script like this last month.

I am not responsible if you experience a data breach before, during or after running this script. Your security is your responsibility. This script is designed to assist you in finding issues, but it isn't designed to be foolproof.

```python
#! /usr/bin/env python
"""Check if you're at risk of being the next Dow Jones.

This script will identify S3 buckets with public access or public items.

Written (quickly) by Dave Hall <skwashd@gmail.com>
"""
from __future__ import print_function

import boto3


def has_public_grants(grants):
    """Check if bucket or object has any public grants.

    :param grants: The grants list (as returned by boto3's ``BucketAcl.grants``
                   or ``ObjectAcl.grants``) to check.
    :type grants: list.
    :return: True if there are any public grants.
    :rtype: bool.
    """
    # Only the AllUsers group (anyone on the internet) is treated as public here;
    # grants to the AuthenticatedUsers group (any AWS account) are not flagged.
    for grant in grants:
        if grant['Grantee']['Type'] == 'Group' \
                and grant['Grantee'].get('URI', '') == 'http://acs.amazonaws.com/groups/global/AllUsers':
            return True
    return False


def has_public_items(bucket):
    """Check if the bucket contains objects with public access.

    Every object in the bucket is listed and its ACL fetched, so this is one
    API call per object and can be slow on large buckets.

    :param bucket: The S3 bucket to check.
    :type bucket: S3.Bucket.
    :return: The number of items with public grants in the bucket.
    :rtype: int.
    """
    i = 0
    for obj in bucket.objects.all():
        if has_public_grants(obj.Acl().grants):
            i += 1
    return i


print('Bucket,Public_Access,Public_Items')
s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
    # ACL-based check only: bucket policies are not inspected.
    public_access = has_public_grants(s3.BucketAcl(bucket.name).grants)
    line = '{bucket},{public_access},{public_items}'.format(
        bucket=bucket.name,
        public_access=int(public_access),
        public_items=has_public_items(bucket)
    )
    print(line)
```
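The script above only answers "is there an AllUsers grant?". The following added example (my code, not part of the gist) generalizes that check over the same grant dicts boto3 returns: it also flags the AuthenticatedUsers group and reports which permissions are exposed, so a CSV row can distinguish a world-readable bucket from a world-writable one. The ACLs and bucket names are constructed sample data so it runs offline.

```python
"""Classify S3 ACL grants by exposure, offline, on boto3-shaped grant dicts."""
ALL_USERS = 'http://acs.amazonaws.com/groups/global/AllUsers'
AUTH_USERS = 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
PUBLIC_GROUPS = {ALL_USERS: 'AllUsers', AUTH_USERS: 'AuthenticatedUsers'}
WRITE_PERMS = {'WRITE', 'WRITE_ACP', 'FULL_CONTROL'}


def public_permissions(grants):
    """Return {group_name: set(permissions)} for each grant to a public group.

    An empty dict means nothing is granted to AllUsers or AuthenticatedUsers.
    Canonical-user grants and the LogDelivery group are deliberately ignored.
    """
    exposed = {}
    for grant in grants:
        grantee = grant.get('Grantee', {})
        if grantee.get('Type') != 'Group':
            continue
        name = PUBLIC_GROUPS.get(grantee.get('URI', ''))
        if name is None:
            continue
        exposed.setdefault(name, set()).add(grant.get('Permission', ''))
    return exposed


def risk_level(grants):
    """Collapse an ACL into one label suitable for a CSV column."""
    exposed = public_permissions(grants)
    if not exposed:
        return 'private'
    if set().union(*exposed.values()) & WRITE_PERMS:
        return 'public-writable'   # anyone (or any AWS account) can modify
    if 'AllUsers' in exposed:
        return 'public-read'       # the classic "next Dow Jones" case
    return 'authenticated-read'    # any AWS account, not just yours


def audit(acls):
    """Map bucket name -> risk label for a {name: grants} dict."""
    return {name: risk_level(grants) for name, grants in acls.items()}


# Constructed sample ACLs in the shape of BucketAcl.grants / ObjectAcl.grants.
OWNER = {'Grantee': {'Type': 'CanonicalUser', 'ID': 'exampleownerid'}, 'Permission': 'FULL_CONTROL'}
def _group(uri, perm):
    return {'Grantee': {'Type': 'Group', 'URI': uri}, 'Permission': perm}
SAMPLE_ACLS = {
    'private-bucket': [OWNER],
    'leaky-bucket': [OWNER, _group(ALL_USERS, 'READ')],
    'open-bucket': [OWNER, _group(ALL_USERS, 'READ'), _group(ALL_USERS, 'WRITE')],
    'any-aws-user': [OWNER, _group(AUTH_USERS, 'READ')],
}

if __name__ == '__main__':
    print('Bucket,Risk')
    for name, level in sorted(audit(SAMPLE_ACLS).items()):
        print('{},{}'.format(name, level))
```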