Skip to content

Support amazon_s3_takeover test #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
aborovsky opened this issue Mar 16, 2023 · 0 comments · Fixed by #133
Closed

Support amazon_s3_takeover test #132

aborovsky opened this issue Mar 16, 2023 · 0 comments · Fixed by #133
Assignees
@aborovsky
Labels
Type: enhancement New feature or request.

Comments

@aborovsky
Copy link
Contributor

aborovsky commented Mar 16, 2023
edited by derevnjuk
Loading

Add support for the amazon_s3_takeover test type to enable the "Amazon AWS S3 bucket takeover" vulnerability scan.

To run this test, it should be possible to use the following code snippet:

it('should not contain link to missing AWS S3 bucket', async () => {
  await runner
    .createScan({
      tests: [TestType.S3_TAKEOVER]
    })
    .timeout(timeout)
    .run({
      method: 'GET',
      url: `${process.env.BROKEN_CRYSTALS_URL}`
    });
});

If the page's body contains a link that points to a 404 resource with the following content:

Code: NoSuchBucket
Message: The specified bucket does not exist
BucketName: cdn.example.com

it indicates that there is a vulnerability.

Please see the following references for more information on this vulnerability:
@aborovsky aborovsky self-assigned this Mar 16, 2023
@aborovsky aborovsky added the Type: enhancement New feature or request. label Mar 16, 2023
aborovsky added a commit that referenced this issue Mar 16, 2023
@aborovsky
feat(scan): add amazon-s3-takeover test type
ddc9388 
closes #132
@aborovsky aborovsky mentioned this issue Mar 16, 2023
Merged
@derevnjuk derevnjuk changed the title Support new amazon_s3_takeover test type Support amazon_s3_takeover test Mar 16, 2023
derevnjuk pushed a commit that referenced this issue Mar 16, 2023
@aborovsky
feat(scan): add support for amazon-s3-takeover test (#133)
ffbc3bd 
closes #132
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aborovsky aborovsky

Labels
Type: enhancement New feature or request.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(scan): add support for amazon-s3-takeover test NeuraLegion/sectester-js
1 participant
@aborovsky