Description
kicks3 discovers S3 buckets referenced in HTML pages, JavaScript files, and text content. It then checks each discovered bucket for misconfigurations, including public listing, public read, and public write access, that is, access the bucket grants to anonymous (unauthenticated) requests.
Installation
BASH
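git clone https://github.com/abuvanth/kicks3.git
cd kicks3
# The clone tracks whatever the default branch holds today. For repeatable
# runs, check out a commit you have reviewed:
#   git checkout <REVIEWED_COMMIT>   # placeholder, not a real id
# Read requirements.txt before installing: pip downloads every package
# listed there and may execute its build code.
# Install into a project-local virtual environment so these dependencies
# cannot replace or shadow packages in the system or user site-packages.
python3 -m venv .venv
. .venv/bin/activate
python3 -m pip install -r requirements.txt
# Run the later `python3 kicks3.py ...` commands from a shell where .venv is
# active, so python3 resolves to the interpreter that has these packages.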
Basic Usage
BASH
# Check a URL for S3 references: -u names the page to scan. Buckets found in
# it are then checked for public listing, public read and public write.
python3 kicks3.py -u https://target.com
# Check permissions on a known bucket: -b takes the bucket directly (given
# here by name), skipping the discovery step.
# A bucket reported as publicly listable, readable or writable is granting
# that access to anonymous callers. The remedy is on the bucket itself:
# remove the public grant from its policy/ACL and enable S3 Block Public Access.
python3 kicks3.py -b bucket-name
Advanced Usage
BASH
# From file: -l reads the targets from a file instead of a single -u value
# (urls.txt here; presumably one URL per line, confirm against the tool's help).
python3 kicks3.py -l urls.txt
# Check only specific permissions: --check-write limits the run to the
# public-write test for the bucket given with -b.
# NOTE(review): a write test presumably has to attempt an upload. Confirm
# which object the tool creates and whether it removes it afterwards before
# running this against a bucket that serves production content.
python3 kicks3.py -b bucket-name --check-write
# Verbose output: -v added to a normal -u scan.
python3 kicks3.py -u https://target.com -v
Common Workflows
BASH
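# Step 1: Crawl JS files for S3 references
# gau prints known URLs for the domain; keep only those ending in .js.
gau target.com | grep '\.js$' | sort -u > js_files.txt
# Fetch each listed file (one curl per input line) and pull out S3 hostnames.
# --max-time bounds every fetch so one unresponsive host cannot stall the run.
# Coverage caveat: the pattern matches only the global virtual-hosted form
# <bucket>.s3.amazonaws.com. Regional endpoints and path-style URLs are not
# matched, and for a bucket name containing dots only the last label is
# captured. An empty result therefore does not prove the site references no
# buckets, and a captured name should be checked against the original URL.
xargs -I{} curl -s --max-time 20 {} < js_files.txt \
  | grep -oE "[a-zA-Z0-9-]+\.s3\.amazonaws\.com" \
  | sort -u
# Step 2: Check permissions
# Use the bucket name (the part before .s3.amazonaws.com) from step 1.
python3 kicks3.py -b discovered-bucket
# Step 3: Try listing
# --no-sign-request sends the request without credentials, so a successful
# listing confirms the bucket allows anonymous ListBucket. Fix it on the
# bucket: remove the public grant and enable S3 Block Public Access.
aws s3 ls s3://discovered-bucket --no-sign-request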