S3Scanner is a quick and dirty script to find unsecured S3 buckets and dump their contents 💧
The tool has 2 parts:
1 – s3finder.py
This script takes a list of domain names and checks if they’re hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in the format “domain:region”.
virtualenv venv && source ./venv/bin/activate
pip install -r requirements.txt
$> python s3finder.py -o output.txt domainsToCheck.txt
Compatibility: Tested with Python 2.7 & 3.6
2 – s3dumper.sh
This script takes in a list of domains with regions made by s3finder.py. For each domain, it checks if there are publicly readable buckets and dumps them if so.
$> s3dumper.sh output.txt
Read This: InstaBrute: Instagram Hacking Tool.