S3Scanner: Dirty script to find unsecured S3 buckets and dump their contents

S3Scanner
Written by Mubassir patel

S3Scanner is a quick and dirty script to find unsecured S3 buckets and dump their contents 💧

Using

The tool has 2 parts:

1 – s3finder.py

This script takes a list of domain names and checks whether they are hosted on Amazon S3. Domains found on S3 are written to the output file with their corresponding region in the format “domain:region”.

  • Install:
    1. (Optional) virtualenv venv && source ./venv/bin/activate
    2. pip install -r requirements.txt
  • Usage: $> python s3finder.py -o output.txt domainsToCheck.txt

Compatibility: Tested with Python 2.7 & 3.6

2 – s3dumper.sh

This script takes the list of domains with regions produced by s3finder.py. For each domain, it checks whether the bucket is publicly readable and, if so, dumps its contents.

Usage: $> s3dumper.sh output.txt

Requirements: aws-cli
