S3Scanner: Scan for open S3 buckets and dump

S3Scanner

A tool to find open S3 buckets and dump their contents

The tool takes in a list of bucket names to check. Found S3 buckets are output to file. The tool will also dump or list the contents of ‘open’ buckets locally.

Interpreting Results

This tool will attempt to get all available information about a bucket, but it’s up to you to interpret the results.

Settings available for buckets:

  • Object Access (object in this case refers to files stored in the bucket)
    • List Objects
    • Write Objects
  • ACL Access
    • Read Permissions
    • Write Permissions

Any or all of these permissions can be granted to the two main grantee groups:

  • Authenticated Users (anyone holding credentials for any AWS account, not just the bucket owner's account)
  • Public Users (anonymous requests, made without AWS credentials)

(They can also be granted to specific AWS accounts, but that is out of scope here.)

What this means: just because a bucket returns “AccessDenied” for its ACL doesn’t mean you can’t list, read or write its objects; object permissions and ACL permissions are granted separately. Conversely, you may be able to read the ACL but not list or write the objects. Treat each result as one cell of the matrix above, not as a verdict on the whole bucket.
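
The matrix above, probed the way a scanner has to probe it: listing and ACL reads are attempted independently, and a readable ACL is translated into the per-group categories listed above. This is an added example, not S3Scanner's own code. It assumes boto3 for the real clients (make_clients) and ships a constructed FakeS3 stand-in and SAMPLE_ACL so it runs offline; bucket names and ACL contents are made up.

```python
"""Probe an S3 bucket for the permission matrix in 'Interpreting Results'.
Added example, not S3Scanner code. Real use needs boto3; the FakeS3 class
and SAMPLE_ACL below are constructed stand-ins so the module runs offline."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GROUP_NAMES = {ALL_USERS: "public", AUTH_USERS: "authenticated"}

# S3 ACL permission -> the category used in the list above
PERM_MAP = {
    "READ": "list_objects",
    "WRITE": "write_objects",
    "READ_ACP": "read_acl",
    "WRITE_ACP": "write_acl",
}


def error_code(exc):
    """S3 error code from a botocore ClientError (or anything exposing the
    same .response layout); 'Unknown' if the shape does not match."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "Unknown")


def grants_from_acl(acl):
    """Turn a get_bucket_acl response into {group: set(categories)} for the
    two groups discussed above. Grants to named accounts are ignored."""
    result = {"public": set(), "authenticated": set()}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        group = GROUP_NAMES.get(grantee.get("URI"))
        if group is None:
            continue  # e.g. the LogDelivery group
        perm = grant["Permission"]
        if perm == "FULL_CONTROL":
            result[group].update(PERM_MAP.values())
        else:
            result[group].add(PERM_MAP[perm])
    return result


def probe_bucket(client, bucket):
    """What one client (unsigned = public view, signed = authenticated view)
    can actually do. Listing and the ACL read are probed separately because
    either one can succeed while the other returns AccessDenied."""
    out = {"exists": True, "list_objects": False, "acl_readable": False, "acl_grants": None}
    try:
        client.list_objects_v2(Bucket=bucket, MaxKeys=1)
        out["list_objects"] = True
    except Exception as exc:
        if not hasattr(exc, "response"):
            raise  # not an S3 error (network, credential file, ...)
        code = error_code(exc)
        if code == "NoSuchBucket":
            out["exists"] = False
            return out
        out["list_error"] = code
    try:
        out["acl_grants"] = grants_from_acl(client.get_bucket_acl(Bucket=bucket))
        out["acl_readable"] = True
    except Exception as exc:
        if not hasattr(exc, "response"):
            raise
        out["acl_error"] = error_code(exc)
    return out


def make_clients():
    """Real clients (needs boto3): an unsigned client for the public view and
    the default credential chain for the authenticated view."""
    import boto3
    from botocore import UNSIGNED
    from botocore.config import Config
    return {
        "public": boto3.client("s3", config=Config(signature_version=UNSIGNED)),
        "authenticated": boto3.client("s3"),
    }


class FakeError(Exception):
    """Mimics the .response layout of botocore.exceptions.ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3:
    """Constructed stand-in for a boto3 S3 client. acl=None means the ACL
    read is denied; listable=False means listing is denied."""
    def __init__(self, listable=True, acl=None, exists=True):
        self.listable, self.acl, self.exists = listable, acl, exists

    def list_objects_v2(self, Bucket, **kwargs):
        if not self.exists:
            raise FakeError("NoSuchBucket")
        if not self.listable:
            raise FakeError("AccessDenied")
        return {"Contents": [{"Key": "backup.sql"}]}

    def get_bucket_acl(self, Bucket):
        if not self.exists:
            raise FakeError("NoSuchBucket")
        if self.acl is None:
            raise FakeError("AccessDenied")
        return self.acl


# Constructed ACL: the public can list, and any AWS account can rewrite the ACL.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE_ACP"},
]}

if __name__ == "__main__":
    # The case warned about above: listable, but the ACL itself is hidden.
    print(probe_bucket(FakeS3(listable=True, acl=None), "example-bucket"))
    # The opposite case: ACL readable, listing denied to this client.
    print(probe_bucket(FakeS3(listable=False, acl=SAMPLE_ACL), "example-bucket"))
```

Run the probe once with each client from make_clients and compare the two results: a grant to AuthenticatedUsers shows up only in the signed run, and a WRITE_ACP grant to either group means the bucket can be re-permissioned by strangers, which is worse than a readable listing.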

Installation

(Optional) virtualenv venv && source ./venv/bin/activate
pip install -r requirements.txt
python ./s3scanner.py

Using

#  s3scanner - Find S3 buckets and dump!
#
#  Author: Dan Salmon - @bltjetpack, github.com/sa7mon

positional arguments:
  buckets                Name of text file containing buckets to check

optional arguments:
  -h, --help              show this help message and exit
  -o, --out-file OUTFILE  Name of file to save the successfully checked buckets in (Default: buckets.txt)
  -c, --include-closed    Include found but closed buckets in the out-file
  -r, --default-region    AWS region to default to (Default: us-west-1)
  -d, --dump              Dump all found open buckets locally
  -l, --list              List all found open buckets locally

Found buckets are written to the out-file with their region, one per line, in the format ‘domain:region’. With -d the contents of ‘open’ buckets are dumped locally; with -l they are only listed.

Copyright (c) 2019 Dan Salmon

Source: https://github.com/sa7mon