S3Scanner – Scan For Open S3 Buckets And Dump

S3 stores data as objects within resources called “buckets”. There can be some critical data dumped into the bucket. Permissions need to be assigned as per the seriousness of the bucket. In some cases, the bucket can be opened or it can be available for public access. So to identify this bucket for the particular domain we can use the S3Scanner tool. S3Scanner tool is an automated cyber security tool that is used to scan and dump the data from open buckets of the target domain. This tool is developed in the Python Language and is available on the GitHub platform.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of S3Scanner Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/sa7mon/S3Scanner.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd S3Scanner

Step 3: You are in the directory of the S3Scanner. Now you have to install a dependency of the S3Scanner using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 -m S3Scanner -h

Working with S3Scanner Tool on Kali Linux OS

Example/Usage: Bucket Scan on multiple domains

python3 s3canner.py --list urls.txt

In the below screenshot, we have the txt file on multiple domains for which we will be finding the open S3 bucket.

We have passed the filename which contains the list of URLs.

Tool has identified the open and closed buckets for the domains which were passed.