Seeking Advice: Scripting Active Scan for S3 Bucket URLs
38 views
Skip to first unread message
vuld0
unread,
May 9, 2024, 5:23:38 AMMay 9
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ZAP Developer Group
Hi.I'm currently working on scripting an active scan in OWASP ZAP and aiming to identify S3 bucket URLs in HTTP messages. I've successfully achieved this initial step. However, I've hit a roadblock in determining whether the identified S3 bucket URLs are readable.
I'm contemplating using the AWS SDK API to perform a read operation on the identified S3 bucket URLs. However, I'm curious if there are alternative methods or best practices that I should consider.
Could anyone provide insights or suggestions on how to proceed with this task? Any advice or experiences you could share would be greatly appreciated.
Thank you in advance for your assistance!
psiinon
unread,
May 9, 2024, 6:18:56 AMMay 9
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ZAP Developer Group
That sounds like a good approach to me.
I'm not aware of any other suitable options.
Cheers,
Simon
vuld0
unread,
May 11, 2024, 9:37:55 AMMay 11
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ZAP Developer Group
Hey Simon,
Thank you. I'm not sure if I could ask zap script-related questions here. Is it fine to do that here, or is there any other group where I can converse about this? Sorry, I'm new to the platform.
thc...@gmail.com
unread,
May 12, 2024, 2:44:59 AMMay 12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message