RedTeam
Others
Cloud
S3
Tools
S3scanner

What is S3Scanner

A tool to find open S3 buckets and dump their contents!


Commands

Main

s3scanner scan --bucket my-bucket(Bucket Name)
s3scanner dump --bucket my-bucket(Bucket Name) --dump-dir ~/Desktop/...(pc location)/

Other Commands

usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ...

s3scanner: Audit unsecured S3 buckets
           by Dan Salmon - github.com/sa7mon, @bltjetpack

optional arguments:
  -h, --help            show this help message and exit
  --version             Display the current version of this tool
  --threads n, -t n     Number of threads to use. Default: 4
  --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
                        URL of S3-compliant API. Default: https://s3.amazonaws.com
  --endpoint-address-style {path,vhost}, -s {path,vhost}
                        Address style to use for the endpoint. Default: path
  --insecure, -i        Do not verify SSL

mode:
  {scan,dump}           (Must choose one)
    scan                Scan bucket permissions
    dump                Dump the contents of buckets

More Information

More information ---> https://github.com/sa7mon/S3Scanner (opens in a new tab)