+-+-+-+-+-+-+
|s|3|s|c|a|n|
+-+-+-+-+-+-+
S3scan is a tool that scans S3 buckets for permissions, object listing. Also checks if a bucket exists or not.
- New feature: Supports file input containing multiple buckets now (-f, --file)
- Bug fixes: fixed a few errors in the obj deletion from device part
- Improvements: Added colored output messages for clear distinguishing (no extra module required)
- Extra changes: changed the banner art to more minimal
- Python 3.x
- awscli (credentials must be configured)
git clone https://github.com/Pyr0sec/S3scan
cd S3scan
pip install -r requirements.txt
(venv) PS C:\Users\puruj\Documents\git\s3scan> python.exe s3scan.py -h
+-+-+-+-+-+-+
|s|3|s|c|a|n|
+-+-+-+-+-+-+
usage: s3scan.py [-h] [-u URL | -b BUCKET_NAME | -f FILE] [--profile PROFILE] [--enumerate]
options:
-h, --help show this help message and exit
-u URL, --url URL Accepts S3 bucket URL as an argument
-b BUCKET_NAME, --bucket-name BUCKET_NAME
Accepts S3 bucket name as an argument
-f FILE, --file FILE Accepts a file containing S3 bucket names as an argument
--profile PROFILE Used to specify an AWS profile on your system (like awscli), Uses default
credentials if not specified any.
--enumerate Further enumerates the bucket by Checking if upload, download and deletion are
allowed and displays all objects on the bucket.
python S3scan.py -b flaws.cloud --profile root --enumerate
python S3scan.py -f buckets.txt --enumerate
- Add file input for scanning multiple buckets
- Add multhreading
- Add save output to file functionality