From 10e6c075f7bbb393ea078e663e7183842b1c5657 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 29 Nov 2020 23:22:03 +1100
Subject: [PATCH] Add tool nccgroup/s3_objects_check

---
 AWS Amazon Bucket S3/README.md                   | 1 +
 Methodology and Resources/Cloud - AWS Pentest.md | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/AWS Amazon Bucket S3/README.md b/AWS Amazon Bucket S3/README.md
index e9a574f..6d61811 100644
--- a/AWS Amazon Bucket S3/README.md	
+++ b/AWS Amazon Bucket S3/README.md	
@@ -42,6 +42,7 @@
 	except Exception as e:
 		print(e)
 	```
+- [s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files](https://github.com/nccgroup/s3_objects_check)
 
 ## AWS Configuration
 
diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md
index 094c10a..1fc6c16 100644
--- a/Methodology and Resources/Cloud - AWS Pentest.md	
+++ b/Methodology and Resources/Cloud - AWS Pentest.md	
@@ -115,6 +115,15 @@
     $ python scout.py azure --cli
     ```
 
+* **s3_objects_check** : https://github.com/nccgroup/s3_objects_check
+    ```powershell
+    $ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check
+    $ python3 -m venv env && source env/bin/activate
+    $ pip install -r requirements.txt
+    $ python s3-objects-check.py -h
+    $ python s3-objects-check.py -p whitebox-profile -e blackbox-profile
+    ```
+
 * **weirdAAL** : AWS Attack Library https://github.com/carnal0wnage/weirdAAL/wiki
     ```powershell
     python3 weirdAAL.py -m ec2_describe_instances -t demo