LinuxCommandLibrary

s3scanner

Scan for misconfigured S3 buckets across cloud providers

TLDR

Scan a list of bucket names from a file
$ s3scanner -bucket-file [names.txt]
Scan and enumerate objects in a bucket
$ s3scanner -bucket [my-bucket] -enumerate
Scan a GCP bucket
$ s3scanner -provider gcp -bucket [my-bucket]
Scan with JSON output
$ s3scanner -bucket [my-bucket] -json

SYNOPSIS

s3scanner [options]

DESCRIPTION

s3scanner checks permissions on object storage buckets to detect public access misconfigurations. It supports AWS and multiple S3-compatible providers, multi-threaded scanning, database persistence via PostgreSQL, and RabbitMQ integration for scaled operations.

PARAMETERS

-bucket NAME
Single bucket name to scan.
-bucket-file FILE
File containing bucket names to scan.
-enumerate
List all objects found in accessible buckets.
-provider PROVIDER
Storage provider: aws, gcp, digitalocean, dreamhost, linode, or scaleway.
-threads N
Number of concurrent scan workers. Default: 4.
-json
Output results in JSON format.

CAVEATS

Object enumeration is limited to 5,000 pages per bucket. Non-AWS providers support anonymous-user permissions only. Intended for authorized security testing only.

HISTORY

s3scanner was created by Dan Salmon (sa7mon) and is written in Go.

SEE ALSO

aws(1), rclone(1), trivy(1)
