S3Scanner takes a list of bucket names to check. Found S3 domains are written to an output file together with their region, one per line, in the format 'domain:region'. The tool will also dump the contents of 'open' buckets to local disk.
S3Scanner attempts to gather all the information it can about a bucket, but interpreting the results is up to you.
Settings available for buckets:
* Object Access (object in this case refers to files stored in the bucket)
  + List Objects
  + Write Objects
* ACL Access
  + Read Permissions
  + Write Permissions
Any or all of these permissions can be set for the 2 main user groups:
+ Authenticated Users (any request signed with valid AWS credentials, from any AWS account, not just the bucket owner's)
+ Public Users (those without AWS credentials set)
+ (They can also be applied to specific users, but that is out of scope)
What this means: just because a bucket returns "AccessDenied" for its ACL does not mean you cannot read from or write to it; object access and ACL access are granted separately. Conversely, you may be able to read the ACL but not list or write objects. Test each permission directly rather than inferring it from another.
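As an added illustration of that point (not S3Scanner's own code), the following Python sketch maps the grants in a GetBucketAcl response onto the four permissions listed above and reconciles them with the results of direct probes. The group URIs and permission names are the real S3 values; the ACL document and the probe results are constructed for the example, and probe_public_list is an assumed helper that only shows how one such direct check is made.

```python
"""Interpret an S3 bucket ACL and reconcile it with direct access probes.

Added example for this page, not part of S3Scanner. The ACL XML below is
constructed; the group URIs and permission names are the real S3 values.
"""
import xml.etree.ElementTree as ET
from urllib.error import HTTPError, URLError
from urllib.request import urlopen

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "public",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "authenticated",
}
CAPABILITIES = ("list_objects", "write_objects", "read_acl", "write_acl")
# S3 ACL permission -> the capabilities the page lists
PERMISSION_MAP = {
    "READ": {"list_objects"},
    "WRITE": {"write_objects"},
    "READ_ACP": {"read_acl"},
    "WRITE_ACP": {"write_acl"},
    "FULL_CONTROL": set(CAPABILITIES),
}


def interpret_acl(acl_xml):
    """Map the grants in a GetBucketAcl body onto the two global groups."""
    result = {"public": set(), "authenticated": set()}
    for grant in ET.fromstring(acl_xml).iter(S3_NS + "Grant"):
        grantee = grant.find(S3_NS + "Grantee")
        uri = grantee.findtext(S3_NS + "URI") if grantee is not None else None
        perm = grant.findtext(S3_NS + "Permission")
        if uri in GROUPS and perm in PERMISSION_MAP:
            result[GROUPS[uri]] |= PERMISSION_MAP[perm]
    return result


def assess(acl_xml, probes):
    """Combine the ACL view (None when GetBucketAcl returned AccessDenied)
    with direct probe results of the form {group: {capability: True/False}}.

    A probe is authoritative because it records what actually happened.
    The ACL only fills in capabilities that were not probed, and says
    nothing when it could not be read.
    """
    from_acl = interpret_acl(acl_xml) if acl_xml is not None else None
    report = {}
    for group in ("public", "authenticated"):
        report[group] = {}
        for cap in CAPABILITIES:
            probed = probes.get(group, {}).get(cap)
            if probed is not None:
                status = "granted" if probed else "denied"
            elif from_acl is not None:
                status = "granted (acl)" if cap in from_acl[group] else "absent (acl)"
            else:
                status = "unknown"
            report[group][cap] = status
    return report


def probe_public_list(bucket, timeout=10):
    """Assumed helper: anonymous ListObjects probe. True = listable,
    False = AccessDenied, None = inconclusive (e.g. 301 wrong-region
    redirect or 404). Makes a network call; the offline sample below
    does not use it."""
    url = "https://%s.s3.amazonaws.com/?max-keys=1" % bucket
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except HTTPError as err:
        return False if err.code == 403 else None
    except URLError:
        return None


# Constructed sample ACL: the owner has FULL_CONTROL, everyone can list
# objects, and any AWS account can read the ACL.
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>0123456789abcdef</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>0123456789abcdef</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI>
      </Grantee>
      <Permission>READ_ACP</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>"""

if __name__ == "__main__":
    # ACL readable; the probe agrees with it
    print(assess(SAMPLE_ACL, {"public": {"list_objects": True}}))
    # GetBucketAcl was AccessDenied, yet an anonymous listing still worked
    print(assess(None, {"public": {"list_objects": True}}))
```

The second call in the sample is the case the text warns about: the ACL could not be read, so every capability is "unknown" except the one that was probed and found open. The probe wins over the ACL in the other direction too, because ACL grants are not the only source of permissions on a bucket (a bucket policy can grant or deny independently), so an ACL that shows public READ is not proof that listing works until a listing is attempted.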
Dependencies:
+ Python 2.7.x or Python 3.6.x
Use and Download:
git clone https://github.com/sa7mon/S3Scanner
cd S3Scanner
pip install -r requirements.txt
python s3scanner.py --include-closed --out-file found.txt --dump names.txt
Source: https://github.com/sa7mon