S3Scanner

S3Scanner finds misconfigured S3 buckets across various cloud providers, enhancing cloud security posture and data leak prevention.

Visit Website Share on X

Visit Website

Introduction

Back

Information

Publisher
Admin
Websitegithub.com
Created date03/31/2025
Published date03/31/2025

More Resources

Web

Cloud

HackDB

GeoEvident

Details

AI geolocation platform identifying indoor/outdoor photo locations like hotel rooms and street views with verifiable evidence for OSINT and recon.

OSINT AI Report External

AI SecurityApplication SecurityInfrastructure SecurityReconnaissance

Visit Website

PentAGI

Details

Autonomous AI agent system for complex penetration testing, integrating security tools, long-term memory, and smart task delegation in sandboxed Docker.

AI OSINT Web Internal External

Exploit DevelopmentInfrastructure SecurityRed Team Operations

Visit Website

IronPE

Details

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

Internal

S3Scanner

A tool to find open S3 buckets in AWS or other cloud providers:

AWS
DigitalOcean
DreamHost
GCP
Linode
Scaleway
Custom

Key Features:

Multi-threaded scanning for efficient bucket analysis.
Supports built-in S3 storage providers and custom configurations.
Scans bucket permissions to identify misconfigurations.
Saves results to a Postgres database for analysis and reporting.
Connects to RabbitMQ for automated scanning at scale.
Offers Docker support for containerized deployments.

S3Scanner is used by:

reconFTW
ReNgine
Axiom

Usage:

S3Scanner requires one type of input: -bucket, -bucket-file, or -mq.

It supports outputting to a Postgres database or JSON format.

Options include:

-enumerate: Enumerate bucket objects (can be time-consuming).
-provider: Object storage provider (aws, custom, digitalocean, dreamhost, gcp, linode, scaleway).
-threads: Number of threads to scan with.

S3Scanner

Introduction

Information

Categories

Tags