diff --git a/atomics/T1530/T1530.yaml b/atomics/T1530/T1530.yaml
index 8a6e196f..e391a2e8 100644
--- a/atomics/T1530/T1530.yaml
+++ b/atomics/T1530/T1530.yaml
@@ -81,3 +81,32 @@ atomic_tests:
 cleanup_command: |
 remove-item #{output_file} -erroraction silentlycontinue
 name: powershell
+- name: AWS - Scan for Anonymous Access to S3
+ description: |
+ Upon successful execution, this test will test for anonymous access to AWS S3 buckets and dumps all the files to a local folder.
+ supported_platforms:
+ - iaas:aws
+ input_arguments:
+ s3_bucket_name:
+ description: Name of the bucket
+ type: String
+ default: "redatomic-test2"
+ dependencies:
+ - description: |
+ Check if ~/.aws/credentials file has a default stanza is configured
+ prereq_command: |
+ cat ~/.aws/credentials | grep "default"
+ aws s3api create-bucket --bucket #{s3_bucket_name}
+ aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://$PathToAtomicsFolder/T1530/src/policy.json
+ touch /tmp/T1530.txt
+ aws s3 cp /tmp/T1530.txt s3://#{s3_bucket_name}
+ get_prereq_command: |
+ echo Please install the aws-cli and configure your AWS default profile using: aws configure
+ executor:
+ command: |
+ aws --no-sign-request s3 cp --recursive s3://#{s3_bucket_name} /tmp/#{s3_bucket_name}
+ cleanup_command: |
+ aws s3 rb s3://#{s3_bucket_name} --force
+ rm -rf /tmp/#{s3_bucket_name}
+ name: sh
+ elevation_required: false
\ No newline at end of file
diff --git a/atomics/T1530/src/policy.json b/atomics/T1530/src/policy.json
new file mode 100644
index 00000000..78b5a2b8
--- /dev/null
+++ b/atomics/T1530/src/policy.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": "*",
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket"
+ ],
+ "Resource": [
+ "arn:aws:s3:::redatomic-test2",
+ "arn:aws:s3:::redatomic-test2/*"
+ ]
+ }
+ ]
+}
+
\ No newline at end of file
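Review bot: `prereq_command` in the new test does the setup instead of a check: it creates the bucket, attaches the public-read policy and uploads a file, so merely checking prerequisites leaves a world-readable bucket behind. Its exit status is also that of the final `aws s3 cp`, not of the `grep "default"` credentials check, so a missing profile is not reported as an unmet prerequisite. Keep the check free of side effects, for example `grep -q "default" ~/.aws/credentials && aws s3api head-bucket --bucket #{s3_bucket_name}`, and move the create-bucket, put-bucket-policy, touch and cp lines into `get_prereq_command`. Separately, `cleanup_command` runs `aws s3 rb ... --force` and `rm -rf /tmp/#{s3_bucket_name}` against whatever name is supplied, so the argument description should say something like `Name of a throwaway bucket created for this test; cleanup deletes it and all its objects`, and cleanup should also remove `/tmp/T1530.txt`.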
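Review bot: Both `Resource` ARNs hard-code `redatomic-test2`, while the test attaches this file to `#{s3_bucket_name}`; with any other argument value the policy names a different bucket than the one it is applied to, and S3 will most likely reject it. Bucket names are global, so only one account can own the default name and most users will have to override it; if `create-bucket` fails on the default, the unsigned `s3 cp --recursive` in the executor would then run against a bucket the tester does not own. Render the policy from the argument at setup time instead of shipping a fixed name, or at minimum state in the test description that policy.json must be edited to match `s3_bucket_name`. Since JSON cannot carry a comment, the description in T1530.yaml is also the place to note that `"Principal": "*"` with `s3:ListBucket` leaves the bucket publicly listable until cleanup runs, and that accounts with S3 Block Public Access enabled are expected to refuse this policy.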