
yehgdotnet/S3Scanner


S3Scanner

A quick and dirty script to find unsecured S3 buckets and dump their contents 💧

Using

The tool has 2 parts:

1 - s3finder.py

This script takes a list of domain names and checks whether they are hosted on Amazon S3. Domains found on S3 are written to a file with their corresponding region, in the format "domain:region".

  • Install:

    1. (Optional) virtualenv venv && source ./venv/bin/activate
    2. pip install -r requirements.txt
  • Usage: $> python s3finder.py -o output.txt domainsToCheck.txt

Compatibility: Tested with Python 2.7 & 3.6

2 - s3dumper.sh

This script takes the list of domains with regions produced by s3finder.py. For each domain, it checks whether there are publicly readable buckets and, if so, dumps them.

Usage: $> s3dumper.sh output.txt

Requirements: aws-cli
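
A defender-side check for the kind of exposure this tool looks for, as an added example that is not part of this repository: it reads a bucket policy document and reports the Allow statements that give everyone list or read access. The sample policy, bucket name and account id are constructed, and the check assumes policy statements only (it ignores ACLs, Block Public Access settings, and NotAction/NotPrincipal).

```python
import json
from fnmatch import fnmatchcase

# Actions that let a caller list a bucket or read its objects.
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")

def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller at all."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"

def public_read_statements(policy_json):
    """Return (sid, read_actions, has_condition) for each Allow statement
    that grants list/read access to everyone."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anyone(stmt.get("Principal")):
            continue
        # IAM action patterns are case-insensitive and may use * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        granted = [r for r in READ_ACTIONS
                   if any(fnmatchcase(r.lower(), p) for p in patterns)]
        if granted:
            # A Condition may narrow the grant; flag it for manual review.
            findings.append((stmt.get("Sid", "statement-%d" % index),
                             granted, bool(stmt.get("Condition"))))
    return findings

# Constructed sample policy (bucket name and account id are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "PublicGet", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Get*"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for sid, actions, conditional in public_read_statements(SAMPLE_POLICY):
        print(sid, actions, "conditional" if conditional else "unconditional")
```
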


Contributing

Please open a pull request if you can improve the code at all (which is certain, as the code can be greatly optimized).

License

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
