S3Scanner

A quick and dirty script to find unsecured S3 buckets and dump their contents


A new tool, S3Scanner, has recently drawn attention: it collects information about unsecured S3 buckets and dumps their contents.

It is a Python script for finding S3 buckets that are not properly secured. Since AWS S3 is such a widely used platform these days, the tool has interesting things to offer.

You can download it from: https://github.com/yehgdotnet/S3Scanner

The first task is to find which of the given domains are hosted on Amazon S3. Once found, these S3-hosted domains are written to a file together with their region.

Each entry is written in the format "domain:region".

Steps

1. Clone S3Scanner from the link above into your environment.

2. pip install -r requirements.txt (this installs awscli and the other required dependencies)


3. python s3finder.py -o output.txt domains.txt (domains.txt contains the list of domain names to be checked)


The second task is to dump the contents of the buckets recorded in the output file. This is done with s3dumper.sh.

Step

./s3dumper.sh output.txt

Here output.txt contains the list of domains that are hosted on AWS S3 buckets.
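To make the "domain:region" hand-off between the two tools concrete, here is an added Python example (my own code, not part of S3Scanner) that classifies DNS CNAME targets as S3 endpoint hostnames and emits lines in that format. The endpoint patterns, the sample domains and the CNAME values are assumptions constructed for illustration; the script makes no network lookups, so it runs offline.

```python
import re
from typing import List, Optional, Tuple

# Hostname shapes of S3 endpoints that commonly appear as CNAME targets.
# These patterns are an assumption for illustration: they cover the
# virtual-hosted, static-website and legacy global endpoints, not every variant.
_REGION = r"(?P<region>[a-z]{2}-[a-z-]+-\d)"
S3_HOST_PATTERNS = [
    # bucket.s3.<region>.amazonaws.com  /  bucket.s3-<region>.amazonaws.com
    re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3[.-]" + _REGION + r"\.amazonaws\.com\.?$"),
    # bucket.s3-website-<region>.amazonaws.com  /  bucket.s3-website.<region>.amazonaws.com
    re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3-website[.-]" + _REGION + r"\.amazonaws\.com\.?$"),
    # bucket.s3.amazonaws.com (global endpoint; the region is not in the hostname)
    re.compile(r"^(?P<bucket>[a-z0-9.-]+)\.s3\.amazonaws\.com\.?$"),
]


def classify_s3_host(cname: str) -> Optional[Tuple[str, str]]:
    """Return (bucket, region) if `cname` is an S3 endpoint hostname, else None.

    The region is reported as "unknown" for the global endpoint, because that
    hostname does not say where the bucket lives.
    """
    host = cname.strip().lower()  # DNS names are case-insensitive
    for pattern in S3_HOST_PATTERNS:
        m = pattern.match(host)
        if m:
            region = m.groupdict().get("region") or "unknown"
            return m.group("bucket"), region
    return None


def s3_domain_lines(records: List[Tuple[str, Optional[str]]]) -> List[str]:
    """Build "domain:region" lines (the format s3finder.py writes and
    s3dumper.sh reads) from (domain, cname) pairs.

    Domains with no CNAME, or whose CNAME is not an S3 endpoint, are skipped.
    """
    lines = []
    for domain, cname in records:
        if not cname:
            continue
        hit = classify_s3_host(cname)
        if hit is None:
            continue
        _bucket, region = hit
        lines.append(f"{domain}:{region}")
    return lines


# Constructed sample input standing in for real DNS answers (no lookups are made).
SAMPLE_RECORDS = [
    ("static.example.com", "static.example.com.s3-website-us-east-1.amazonaws.com."),
    ("assets.example.com", "assets.example.com.s3.eu-west-1.amazonaws.com."),
    ("legacy.example.com", "legacy.example.com.s3.amazonaws.com."),
    ("www.example.com", "d111111abcdef8.cloudfront.net."),  # CDN in front, not a direct S3 host
    ("mail.example.com", None),                               # no CNAME at all
]

if __name__ == "__main__":
    # Writes the same three lines that would end up in output.txt.
    for line in s3_domain_lines(SAMPLE_RECORDS):
        print(line)
```

Used against your own zone's records, this is the inventory step a defender needs before the bucket check: for every bucket it reports, confirm that public access is blocked (for example with `aws s3api get-public-access-block --bucket <bucket>`) rather than discovering the exposure the way the screenshot in this post does.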


As you can see in the screenshot, in this case we do not have permission to access the bucket. In some cases, however, you will find domains whose S3 buckets hold sensitive or critical files and are publicly readable, which is an obvious prize for an attacker.
