A user-friendly GUI for s3scanner that helps security researchers and bug bounty hunters find misconfigured S3 buckets across multiple cloud providers.
✔ Smart Bucket Generation – Combine prefixes, suffixes, and delimiters automatically
✔ Multi-Cloud Support – AWS, GCP, DigitalOcean, Linode, and more
✔ Real-Time Results – Live output with auto-scrolling
✔ Sort & Filter – Organize results by bucket size (object count)
✔ Lightweight – No bloated dependencies, just pure Python + s3scanner
✔ Multi-Threaded – Faster scanning through parallel processing
✔ Proxy Rotation – Avoid rate limits with configurable proxy support
S3Hunter relies on s3scanner for scanning.
go install github.com/sa7mon/s3scanner@latest
export PATH=$PATH:~/go/bin # Add to PATH if not already- Download the latest
releasefrom s3scanner releases - Place it in a directory included in your
PATH
The tool uses built-in Python modules (tkinter, subprocess, etc.).
sudo apt install python3-tk # Only needed if GUI fails to openpython s3hunter.py- Enter Prefixes - Comma seperated, no spaces (e.g.,
company,prod,test) - (Optional) Add Suffixes (e.g.,
backup,storage,logs) - Select a Cloud Provider (AWS, GCP, DigitalOcean, etc.)
- Click "Run Scan" – Results appear in real-time!
- Sort Results – Click "Sort" to organize by bucket size
(Tip: Disable "Use Suffixes" to scan raw prefixes only.)
If you get s3scanner not found:
# Install (if missing):
go install github.com/sa7mon/s3scanner@latest
# Verify it's in PATH:
s3scanner --versionReplace BUCKETNAME in these URLs to check buckets directly:
https://BUCKETNAME.s3.amazonaws.com/
https://BUCKETNAME.s3.[region].amazonaws.com/ # e.g., s3.us-east-1
https://BUCKETNAME.[region].digitaloceanspaces.com/ # e.g., nyc3
https://storage.googleapis.com/BUCKETNAME/
(Requires object path—try appending a file)
https://BUCKETNAME.[region].scw.cloud/example.txt # e.g., fr-par
https://BUCKETNAME.objects-[region].dream.io/ # e.g., us-east-1
https://BUCKETNAME.[region].linodeobjects.com/
First install AWS CLI on your system and then from the command line run:
aws s3 sync s3://BUCKETNAME/ BUCKETNAME --no-sign-request
- "Access Denied": Bucket exists but is properly locked.
- "NoSuchBucket": Bucket doesn’t exist (or was deleted).
- Timeout: Region mismatch—try different endpoints.
This tool is for authorized security testing and educational purposes only. The author accepts no liability for misuse of this software.
MIT License – Free for personal and commercial use.
-
Add optional multi-threading for faster scans(Completed: Apr. 19 2025) -
Add support for rotating proxies (S3Hunter may experience rate-limiting when multi-thread scanning batches of 100,000+ bucket names)(Completed: Apr. 19 2025)