Awesome AWS S3 Security
Collection of tools, techniques and useful links concerning security and exposed AWS S3 Buckets
Tools
- Grayhat Warfare - A free tool that lists open S3 buckets and helps you search for interesting files
- AWSBucketDump - AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot
- S3Scanner - Scan for open AWS S3 buckets and dump the contents - By sa7mon
- s3enum - Fast Amazon S3 bucket enumeration tool for pentesters
- s3-buckets-finder - PHP tool to brute force Amazon S3 bucket - By gwen001
- s3-buckets-finder - PHP tool to brute force Amazon S3 bucket - By gold1029
- Sandcastle - a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler
- mubrute - The tool uses the response code returned by s3.amazonaws.com to determine if a bucket exists and its list permissions
- PyLazyS3 - Enumerate AWS S3 buckets using different permutations
- RoboBucketeer - Robot Framework Library for Buckteer - S3 Buckets & Subdomain Enumeration
- inSp3ctor - AWS S3 Bucket/Object Finder
- bucketkicker - A tool to quickly enumerate AWS S3 buckets, verify whether or not they exist, and look for loot
- s3recon - Amazon S3 bucket finder and crawler
- s3finder - Can search using a wordlist or by monitoring the certstream network for domain names from certificate transparency logs
- kicks3 - S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool
- bucket_finder - DigiNinja's bucket_finder utility - By mattweidner
- Bucket_Finder - Leaky Buckets - By hazana
- haka_toni_bucket_finder - Yet another S3 Bucket finder (No official description provided)
- s3-open-bucket-finder - Yet another S3 Bucket finder (No official description provided)
- s3scanner - Scan for open public S3 buckets - By miguelmota
- bucket-scraper - Command-line application for scraping, indexing and downloading of Amazon S3 buckets
- bucket-hunter - Amazon AWS Exposed Bucket Hunter - Security research
- bucket-stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs
- goGetBucket - A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain
- bucket_finder - Trawl Amazon S3 buckets for interesting files
General Purpose Tools
- CloudScraper - Tool to enumerate targets in search of cloud resources: S3 Buckets, Azure Blobs, Digital Ocean Storage Space
- CloudStorageFinder - A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
- exif-scraper - Grab photos from an S3 bucket and store their EXIF data in a database
- mlb-dfs-scrapers - Web scraping library for dumping MLB stats in S3 bucket csv files
Techniques
- enum_wayback - Metasploit module that pulls and parses the URLs stored by Archive.org for the purpose of replaying during a web assessment. Finding unlinked and old pages.
Articles
- List of AWS S3 Leaks
- How to search for Open Amazon s3 Buckets and their contents
- There's a Hole in 1,951 Amazon S3 Buckets
- Amazon S3 Bucket Public Access Considerations
- Analysing Amazon's Buckets
- Unsecured Public Information in Amazon S3 Buckets - Are Your Buckets Leaking Data?
- Exposed S3 bucket CloudTrail logs — Another way to compromise security
- Fantastic! Public S3 Buckets and How to Find Them