S3Scanner

Find open AWS S3 buckets and dump their contents

Cloud & Assets6 commands

#s3#aws#cloud#bucket#scanner

Installation

1Clone repository

2Install dependencies

3Verify installation

# Clone repository
git clone https://github.com/sa7mon/S3Scanner.git
cd S3Scanner

# Install dependencies
pip install -r requirements.txt

# Verify
python3 s3scanner.py --help

Basic Usage

Check a list of bucket names for open S3 buckets and dump their contents

# Check buckets from file
python3 s3scanner.py buckets.txt

# Check and dump contents
python3 s3scanner.py --dump buckets.txt

# Check with specific endpoints
python3 s3scanner.py --endpoint us-east-1 buckets.txt

# Include closed buckets in output
python3 s3scanner.py --include-closed buckets.txt

# Output results to file
python3 s3scanner.py buckets.txt -o results.json

Command Reference

6 commands

1Download contents of open buckets

--dump

2AWS region endpoint

--endpoint

3Include closed buckets in output

--include-closed

4Output file for results

-o

5Number of concurrent threads

--threads

6Request timeout in seconds

--timeout

When to Use

Finding misconfigured S3 buckets during recon

Security audits of cloud storage configurations

Bug bounty hunting for S3-related vulnerabilities

Data leak assessments

Notes & Tips

Only scans buckets you have permission to test

Dump feature downloads all files from open buckets

Supports multiple AWS regions automatically

Common Errors & Solutions

Access denied

The bucket exists but is not public — this is expected for secure buckets

Bucket not found

The bucket name does not exist — try variations or different regions

# Check buckets from file python3 s3scanner.py buckets.txt # Check and dump contents python3 s3scanner.py --dump buckets.txt # Check with specific endpoints python3 s3scanner.py --endpoint us-east-1 buckets.txt # Include closed buckets in output python3 s3scanner.py --include-closed buckets.txt # Output results to file python3 s3scanner.py buckets.txt -o results.json