BucketSec is a service to scan AWS S3 buckets and check for misconfigurations.
BucketSec performs security checks and discovers publicly exposed buckets, verifies their access permissions and determines possible misconfigurations. Using BucketSec, bucket owners can safely and privately check the access policy of their S3 buckets, verifying whether the buckets are public, readable, or writable.
Do you want to read more about our analysis of insecure S3 buckets as of June 2018? Read our paper!
Truster is a Google Chrome extension that uses BucketSec to automatically check whether any resources loaded by the websites you visit come from publicly writable (i.e., misconfigured) buckets. Check it out on GitHub!
If you are using our service, our browser extension, or our data for your academic research, we would be thankful if you could cite our work.
@inproceedings{continella18:bucketsec,
  author = "Andrea Continella and Mario Polino and Marcello Pogliani and Stefano Zanero",
  title = "There's a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 Buckets",
  booktitle = "Proceedings of the ACM Annual Computer Security Applications Conference (ACSAC)",
  month = "December",
  year = "2018"
}
Did you encounter any problem using our platform? Do you have questions or feedback?
BucketSec has been developed at NECSTLab, Politecnico di Milano.