Source: GitHub Author: unknown URL: https://github.com/FogSecurity/yes3-scanner

ONE SENTENCE SUMMARY: YES3 is a Python-based tool that scans AWS accounts for S3 bucket misconfigurations, focusing on access, security, and ransomware protection.

MAIN POINTS:

- YES3 scans AWS S3 buckets for access, encryption, and security misconfigurations.
- Detects public access via ACLs, policies, and website settings.
- Checks for preventative settings like Public Access Block and disabled ACLs.
- Identifies additional security configurations like encryption and server access logging.
- Evaluates ransomware protection through Object Lock and versioning.
- Outputs detailed reports of potential issues per bucket.
- Requires Python 3, boto3, and proper AWS IAM permissions to run.
- Scans globally with region input for quota checks via Boto3 client.
- Offers a private beta for multi-account and object-level scanning.
- Installation is via pip and requirements.txt; virtual environments are supported.
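
To make the public-access, preventative-setting and ransomware-protection points concrete, here is an added example (not YES3's own code) that evaluates one bucket's already-fetched configuration offline. It assumes a dict keyed by the boto3 S3 client method that would return each response; the finding labels are hypothetical, and a policy statement counts as public only when it allows "*" with no Condition, which is a simplification.

```python
import json

# AWS-defined ACL grantee groups that make a grant public.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def wildcard_principal(stmt):
    # True for Principal "*" or {"AWS": "*"} (string or list form).
    p = stmt.get("Principal")
    aws = p.get("AWS") if isinstance(p, dict) else p
    return "*" in (aws if isinstance(aws, list) else [aws])

def assess_bucket(cfg):
    """cfg: S3 call name -> fetched response (absent = not configured). Settings are reported independently."""
    get = lambda call: cfg.get(call) or {}
    findings = []
    pab = get("get_public_access_block").get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PAB_KEYS if not pab.get(k)]
    if missing:
        findings.append("public_access_block_incomplete:" + ",".join(missing))
    rules = get("get_bucket_ownership_controls").get("OwnershipControls", {}).get("Rules", [])
    if not any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in rules):
        findings.append("acls_not_disabled")
    for grant in get("get_bucket_acl").get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.append("public_acl_grant:" + grant.get("Permission", "?"))
    stmts = json.loads(get("get_bucket_policy").get("Policy", "{}")).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    if any(s.get("Effect") == "Allow" and wildcard_principal(s) and not s.get("Condition") for s in stmts):
        findings.append("public_policy_statement")
    if cfg.get("get_bucket_website"):
        findings.append("website_hosting_enabled")
    if get("get_bucket_versioning").get("Status") != "Enabled":
        findings.append("versioning_not_enabled")
    lock = get("get_object_lock_configuration").get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object_lock_not_enabled")
    return findings

# Constructed sample responses (not real bucket data).
WEAK = {"get_bucket_acl": {"Grants": [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
        "get_bucket_policy": {"Policy": json.dumps({"Statement": [{"Effect": "Allow",
            "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})}}
HARDENED = {"get_public_access_block": {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_KEYS, True)},
            "get_bucket_ownership_controls": {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}},
            "get_bucket_versioning": {"Status": "Enabled"},
            "get_object_lock_configuration": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}}
```

Calling `assess_bucket(WEAK)` lists every gap for the constructed weak bucket, while `assess_bucket(HARDENED)` returns an empty list.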

TAKEAWAYS:

- YES3 helps secure S3 by identifying misconfigurations and potential vulnerabilities.
- Reports include granular bucket-level security details for actionable insights.
- Public access detection spans multiple configurations including ACLs and policies.
- Additional features like Object Lock and lifecycle policies enhance ransomware protection.
- The tool is actively developed, with expanded functionality planned for future releases.