A tool to find open S3 buckets and dump their contents 💧
```
# s3scanner - Find S3 buckets and dump!
#
# Author: Dan Salmon - @bltjetpack, github.com/sa7mon

positional arguments:
  buckets               Name of text file containing buckets to check

optional arguments:
  -h, --help            show this help message and exit
  -o, --out-file OUTFILE
                        Name of file to save the successfully checked buckets in (Default: buckets.txt)
  -c, --include-closed  Include found but closed buckets in the out-file
  -r, --default-region  AWS region to default to (Default: us-west-1)
  -d, --dump            Dump all found open buckets locally
```
The tool takes in a text file with one bucket name per line and checks each one. Buckets that exist are written to the output file with their region, one per line, in the format 'bucket:region'. With --dump, the tool also downloads the contents of 'open' buckets (those whose contents can be listed without credentials) to the local disk.
Each line of the input file may use any of the following formats:

- bucket name: `google-dev`
- domain name: `uber.com`, `sub.domain.com`
- full S3 URL: `yahoo-staging.s3-us-west-2.amazonaws.com` (to easily combine with other tools like bucket-stream)
- bucket:region: `flaws.cloud:us-west-2`
```
> cat names.txt
flaws.cloud
google-dev
testing.microsoft.com
yelp-production.s3-us-west-1.amazonaws.com
github-dev:us-east-1
```
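The four input formats map onto a (bucket, region) pair, with the region left unset when the line does not pin one. The following is an added example of that parsing step, written for this README and not taken from s3scanner itself. It goes slightly beyond the list above: it also accepts the dot-style regional host (`bucket.s3.us-west-2.amazonaws.com`) and a pasted `https://` URL, and it rejects names that violate AWS bucket naming rules before any request would be sent. The sample input is constructed from the names.txt shown above plus two extra lines, the `Target` type and function names are this example's own, and the default region mirrors the tool's `-r` default. Python 3 only.

```python
"""Parse the input-file formats s3scanner accepts into (bucket, region) pairs.

Added example for this README, not code from the s3scanner project.
"""
import re
from typing import List, NamedTuple, Optional

DEFAULT_REGION = "us-west-1"   # same default as the tool's -r option

# Virtual-hosted-style S3 hostnames. Assumption: these three shapes cover the
# URLs people paste into the input file; anything else is treated as a bare name.
#   bucket.s3.amazonaws.com
#   bucket.s3-us-west-2.amazonaws.com
#   bucket.s3.us-west-2.amazonaws.com
S3_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3"
    r"(?:[.-](?P<region>[a-z]{2}(?:-[a-z]+)+-\d))?"
    r"\.amazonaws\.com$"
)

# AWS bucket naming rules: 3-63 chars of lowercase letters, digits, dots and
# hyphens, starting and ending with a letter or digit, and not an IPv4 address.
BUCKET_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class Target(NamedTuple):
    bucket: str
    region: Optional[str]   # None when the input line did not pin a region


def is_valid_bucket_name(name: str) -> bool:
    return bool(BUCKET_NAME_RE.match(name)) and not IPV4_RE.match(name)


def parse_line(line: str) -> Optional[Target]:
    """Turn one input line into a Target, or None if it is blank or invalid."""
    s = line.strip().lower()
    if not s or s.startswith("#"):
        return None
    # Tolerate a pasted URL: drop the scheme and anything after the host.
    s = re.sub(r"^https?://", "", s).split("/", 1)[0]

    m = S3_HOST_RE.match(s)
    if m:                                    # full S3 URL
        bucket, region = m.group("bucket"), m.group("region")
    elif ":" in s:                           # bucket:region
        bucket, region = s.rsplit(":", 1)
    else:                                    # bare bucket or domain name
        bucket, region = s, None

    return Target(bucket, region) if is_valid_bucket_name(bucket) else None


def parse_targets(text: str) -> List[Target]:
    """Parse a whole input file, dropping invalid lines and duplicates."""
    seen, out = set(), []
    for line in text.splitlines():
        t = parse_line(line)
        if t and t not in seen:
            seen.add(t)
            out.append(t)
    return out


def output_line(t: Target, default_region: str = DEFAULT_REGION) -> str:
    """Format a checked target the way the tool logs it: bucket:region."""
    return "%s:%s" % (t.bucket, t.region or default_region)


# Constructed sample input: the names.txt from this README plus two extra lines.
SAMPLE_INPUT = """\
flaws.cloud
google-dev
testing.microsoft.com
yelp-production.s3-us-west-1.amazonaws.com
github-dev:us-east-1
https://example-logs.s3.eu-west-2.amazonaws.com/some/key
not_a_valid_bucket
"""

if __name__ == "__main__":
    for t in parse_targets(SAMPLE_INPUT):
        print(output_line(t))
```

Validating names up front matters when the input comes from a generator such as bucket-stream: every request for an impossible name is wasted time and noise in the target's logs. Keeping the region as `None` until output also lets a caller distinguish "the user told us the region" from "we fell back to the default", which is the case that most often needs a retry elsewhere.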
Dump all open buckets, and log both open and closed buckets to found.txt:

```
> python ./s3scanner.py --include-closed --out-file found.txt --dump names.txt
```

Just log open buckets to the default output file (buckets.txt):

```
> python ./s3scanner.py names.txt
```
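Whether a bucket counts as 'open' or 'closed' comes down to how S3 answers an unauthenticated GET of the bucket. As an added example, not the tool's own code, the function below maps the status code and XML body of that response to open, closed, missing, or redirected to another region. The response bodies are constructed here to match the XML shapes S3 returns; the `Verdict` type, its state labels and the function name are this example's own.

```python
"""Interpret the anonymous GET response for an S3 bucket.

Added example for this README, not code from the s3scanner project.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, NamedTuple, Optional

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"   # namespace on ListBucketResult
# Region embedded in a redirect Endpoint such as bucket.s3-us-west-2.amazonaws.com
ENDPOINT_REGION_RE = re.compile(r"\.s3[.-]([a-z]{2}(?:-[a-z]+)+-\d)\.amazonaws\.com$")


class Verdict(NamedTuple):
    state: str              # open | closed | missing | redirect | unknown
    region: Optional[str]   # region S3 told us about, if any
    keys: List[str]         # object keys listed when the bucket is open


def classify(status: int, body: bytes, headers: Optional[Dict[str, str]] = None) -> Verdict:
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    region = headers.get("x-amz-bucket-region")   # S3 sets this on most bucket-level responses
    try:
        root = ET.fromstring(body) if body else None
    except ET.ParseError:
        root = None
    tag = root.tag.replace(S3_NS, "") if root is not None else ""

    # Anonymous listing succeeded: the bucket is open (possibly empty).
    if status == 200 and tag == "ListBucketResult":
        return Verdict("open", region, [k.text or "" for k in root.iter(S3_NS + "Key")])

    code = root.findtext("Code") if tag == "Error" else None
    # Wrong endpoint/region: S3 says where the bucket really lives.
    if status == 301 or code == "PermanentRedirect":
        endpoint = root.findtext("Endpoint") if root is not None else None
        m = ENDPOINT_REGION_RE.search(endpoint or "")
        return Verdict("redirect", region or (m.group(1) if m else None), [])
    # Bucket exists but anonymous listing is denied.
    if status == 403 or code in ("AccessDenied", "AllAccessDisabled"):
        return Verdict("closed", region, [])
    if status == 404 or code == "NoSuchBucket":
        return Verdict("missing", None, [])
    return Verdict("unknown", region, [])


# Constructed responses in the shape S3 returns (bucket names are made up).
OPEN_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-open</Name><IsTruncated>false</IsTruncated>
  <Contents><Key>backup.tar.gz</Key><Size>1024</Size></Contents>
  <Contents><Key>config/.env</Key><Size>80</Size></Contents>
</ListBucketResult>"""
CLOSED_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"""
MISSING_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>"""
REDIRECT_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>PermanentRedirect</Code>
<Endpoint>example-elsewhere.s3-us-west-2.amazonaws.com</Endpoint></Error>"""

if __name__ == "__main__":
    for status, body in [(200, OPEN_BODY), (403, CLOSED_BODY), (404, MISSING_BODY), (301, REDIRECT_BODY)]:
        print(status, classify(status, body, {"x-amz-bucket-region": "us-east-1"}))
```

Two caveats when reading the verdicts. A 403 only says anonymous listing is denied; individual objects under a guessable key can still be world-readable, so 'closed' here means 'not listable', not 'not public'. And a 301 is worth following rather than discarding: the Endpoint element (or the x-amz-bucket-region header) names the region to retry in, which is why the tool records a region beside every bucket it logs.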
Install the dependencies (using a virtualenv is optional) and run the tool:

```
virtualenv venv && source ./venv/bin/activate
pip install -r requirements.txt
python ./s3scanner.py
```

(Compatibility has been tested with Python 2.7 and 3.6)
Issues are welcome and Pull Requests are appreciated. All contributions should be compatible with both Python 2.7 and 3.6.
- All tests are currently in `test_scanner.py`.
- Run the tests in both 2.7 and 3.6 virtual environments.
- This project uses pytest-xdist to run tests. Use `pytest -n NUM`, where NUM is the number of parallel processes.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)