Seeking Advice: Scripting Active Scan for S3 Bucket URLs

vuld0

May 9, 2024, 5:23:38 AM
to ZAP Developer Group
Hi. I'm currently working on scripting an active scan in OWASP ZAP and aiming to identify S3 bucket URLs in HTTP messages. I've successfully achieved this initial step. However, I've hit a roadblock in determining whether the identified S3 bucket URLs are readable.

I'm contemplating using the AWS SDK API to perform a read operation on the identified S3 bucket URLs. However, I'm curious if there are alternative methods or best practices that I should consider.

Could anyone provide insights or suggestions on how to proceed with this task? Any advice or experiences you could share would be greatly appreciated.

Thank you in advance for your assistance!
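
The identification step described in this post, as an added example that is not part of the original post and is not ZAP code: a stand-alone JavaScript function that pulls S3 bucket names out of HTTP message text in virtual-hosted, path-style and `s3://` form. The function name `findS3Buckets`, the sample body and all bucket and host names in it are constructed for illustration.

```javascript
// Added example (constructed input). S3 endpoint hosts covered here:
// s3.amazonaws.com, s3.<region>, s3-<region> and s3.dualstack.<region>.
const S3_HOST = "s3(?:[.-](?:dualstack\\.)?[a-z0-9-]+)?\\.amazonaws\\.com";
// Bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
const BUCKET = "[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]";
// What may follow a bucket name in a path or URI.
const END = "(?=[/?#\"'\\s<)]|$)";

const PATTERNS = [
  // Virtual-hosted style: //<bucket>.s3.<region>.amazonaws.com/key
  // The lookahead rejects lookalikes such as ...amazonaws.com.other.tld
  { style: "virtual-hosted",
    re: new RegExp(`//(${BUCKET})\\.${S3_HOST}(?![a-z0-9-]|\\.[a-z0-9])`, "gi") },
  // Path style: //s3.<region>.amazonaws.com/<bucket>/key
  { style: "path", re: new RegExp(`//${S3_HOST}/(${BUCKET})${END}`, "gi") },
  // s3:// URIs as they appear in comments, configs or error text
  { style: "s3-uri", re: new RegExp(`\\bs3://(${BUCKET})${END}`, "gi") },
];

// Returns [{ bucket, styles }] in first-seen order, one entry per bucket.
function findS3Buckets(text) {
  const found = new Map(); // bucket name -> Set of URL styles seen
  for (const { style, re } of PATTERNS) {
    for (const m of text.matchAll(re)) {
      const bucket = m[1].toLowerCase();
      if (bucket.includes("..")) continue; // adjacent dots are not valid
      if (!found.has(bucket)) found.set(bucket, new Set());
      found.get(bucket).add(style);
    }
  }
  return [...found].map(([bucket, styles]) => ({ bucket, styles: [...styles].sort() }));
}

// Constructed response body; the last link is a lookalike host, not S3.
const SAMPLE_BODY = `
<img src="https://assets-example.s3.eu-west-1.amazonaws.com/logo.png">
<script src="//s3.amazonaws.com/static-example/app.js"></script>
<a href="https://s3-us-west-2.amazonaws.com/static-example/doc.pdf">doc</a>
<!-- backup target: s3://backups-example/db/ -->
<a href="https://assets-example.s3.amazonaws.com.lookalike.example/x">x</a>
`;

console.log(findS3Buckets(SAMPLE_BODY));
```

The function takes the message text as a plain string, so the caller decides which parts of the request and response to pass in.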

psiinon

May 9, 2024, 6:18:56 AM
to ZAP Developer Group
That sounds like a good approach to me.
I'm not aware of any other suitable options.

Cheers,

Simon

vuld0

May 11, 2024, 9:37:55 AM
to ZAP Developer Group
Hey Simon,

Thank you. I'm not sure if I could ask ZAP script-related questions here. Is it fine to do that here, or is there any other group where I can converse about this? Sorry, I'm new to the platform.

thc...@gmail.com

May 12, 2024, 2:44:59 AM
to zaproxy...@googlegroups.com
Hi,

There's a dedicated group for script-related questions:
https://groups.google.com/g/zaproxy-scripts/


Best regards.

vuld0

May 12, 2024, 6:44:06 AM
to ZAP Developer Group
Hi, sure, will use that. Thank you.