S3Scanner - Scan For Open S3 Buckets And Dump
A quick and dirty script to find unsecured S3 buckets and dump their contents.
Using
The tool has 2 parts:
1 - s3finder.py
This script takes a list of domain names and checks if they're hosted on Amazon S3. Domains found on S3 are written to a file with their corresponding region, in the format "domain:region".
- Install:
  - (Optional) virtualenv venv && source ./venv/bin/activate
  - pip install -r requirements.txt
- Usage:
  $> python s3finder.py -o output.txt domainsToCheck.txt
2 - s3dumper.sh
This script takes in a list of domains with regions made by s3finder.py. For each domain, it checks if there are publicly readable buckets and dumps them if so.
Usage:
$> s3dumper.sh output.txt
Requirements: aws-cli
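From the bucket owner's side, a bucket is publicly readable when an ACL grant or a bucket policy statement gives read or list access to everyone. The following is an added example (not part of S3Scanner) that flags such grants in the JSON from `aws s3api get-bucket-acl` and the decoded policy document from `aws s3api get-bucket-policy`; the function names and the sample documents are constructed for illustration.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = {"s3:*", "*", "s3:listbucket", "s3:getobject", "s3:get*", "s3:list*"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # Principal is either "*" or a mapping such as {"AWS": "*"}.
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in as_list(principal)

def public_read_findings(acl, policy=None):
    """Return the reasons a bucket is readable or listable by anyone."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in READ_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    for stmt in as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = [a for a in as_list(stmt.get("Action", [])) if a.lower() in READ_ACTIONS]
        if actions:
            note = " (conditional, review)" if "Condition" in stmt else ""
            findings.append(f"policy allows {', '.join(actions)} to any principal{note}")
    return findings

# Constructed sample input, shaped like `aws s3api get-bucket-acl` output and
# the decoded policy document from `aws s3api get-bucket-policy`.
SAMPLE_ACL = json.loads("""{"Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}""")
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "s3:*", "Resource": "*"}]}""")

if __name__ == "__main__":
    for reason in public_read_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print(reason)
```

Account-level or bucket-level Block Public Access settings can override these grants, so treat a finding as a prompt to check the bucket's effective access.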
Reviewed by Zion3R on 10:10 AM