You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default AWS credentials file ~/.aws/credentials is not being read, thus only checks for anonymous permissions are being made. AuthUsers in the output will likely always be [] - meaning "no permissions". This can be a false negative.
Reproduction
Create a bucket in AWS S3 with no READ permissions (except implicit permission to the owner)
Configure credentials with aws configure
Run s3scanner -bucket your-bucket-here
Observe the output INFO exists | your-bucket-here | us-east-1 | AuthUsers: [] | AllUsers: []
Bug
The default AWS credentials file
~/.aws/credentials
is not being read, thus only checks for anonymous permissions are being made.AuthUsers
in the output will likely always be[]
- meaning "no permissions". This can be a false negative.Reproduction
aws configure
s3scanner -bucket your-bucket-here
INFO exists | your-bucket-here | us-east-1 | AuthUsers: [] | AllUsers: []
Expected output
INFO exists | s3scanner-private | us-east-1 | AuthUsers: [READ, READACP] | AllUsers: []
Thank you to Twitter user
@thaivd98
for reporting this.The text was updated successfully, but these errors were encountered: