Scan for open S3 buckets and dump the contents
Project description
S3Scanner
A tool to find open S3 buckets and dump their contents💧
Usage
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL] [--endpoint-address-style {path,vhost}] [--insecure] {scan,dump} ... s3scanner: Audit unsecured S3 buckets by Dan Salmon - github.com/sa7mon, @bltjetpack optional arguments: -h, --help show this help message and exit --version Display the current version of this tool --threads n, -t n Number of threads to use. Default: 4 --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL URL of S3-compliant API. Default: https://s3.amazonaws.com --endpoint-address-style {path,vhost}, -s {path,vhost} Address style to use for the endpoint. Default: path --insecure, -i Do not verify SSL mode: {scan,dump} (Must choose one) scan Scan bucket permissions dump Dump the contents of buckets
Support
🚀 If you've found this tool useful, please consider donating to support its development
Installation
pip3 install s3scanner
or via Docker:
docker build . -t s3scanner:latest
docker run --rm s3scanner:latest scan --bucket my-buket
or from source:
git clone git@github.com:sa7mon/S3Scanner.git
cd S3Scanner
pip3 install -r requirements.txt
python3 -m S3Scanner
Features
- ⚡️ Multi-threaded scanning
- 🔭 Supports tons of S3-compatible APIs
- 🕵️♀️ Scans all bucket permissions to find misconfigurations
- 💾 Dump bucket contents to a local folder
- 🐳 Docker support
Examples
- Scan AWS buckets listed in a file with 8 threads
$ s3scanner --threads 8 scan --buckets-file ./bucket-names.txt
- Scan a bucket in Digital Ocean Spaces
$ s3scanner --endpoint-url https://sfo2.digitaloceanspaces.com scan --bucket my-bucket
- Dump a single AWS bucket
$ s3scanner dump --bucket my-bucket-to-dump
- Scan a single Dreamhost Objects bucket which uses the vhost address style and an invalid SSL cert
$ s3scanner --endpoint-url https://objects.dreamhost.com --endpoint-address-style vhost --insecure scan --bucket my-bucket
S3-compatible APIs
S3Scanner
can scan and dump buckets in S3-compatible APIs services other than AWS by using the
--endpoint-url
argument. Depending on the service, you may also need the --endpoint-address-style
or --insecure
arguments as well.
Some services have different endpoints corresponding to different regions
Note: S3Scanner
currently only supports scanning for anonymous user permissions of non-AWS services
Service | Example Endpoint | Address Style | Insecure ? |
---|---|---|---|
DigitalOcean Spaces (SFO2 region) | https://sfo2.digitaloceanspaces.com | path | No |
Dreamhost | https://objects.dreamhost.com | vhost | Yes |
Linode Object Storage (eu-central-1 region) | https://eu-central-1.linodeobjects.com | vhost | No |
Scaleway Object Storage (nl-ams region) | https://s3.nl-ams.scw.cloud | path | No |
Wasabi Cloud Storage | http://s3.wasabisys.com/ | path | Yes |
📚 Current status of non-AWS APIs can be found in the project wiki
Interpreting Results
This tool will attempt to get all available information about a bucket, but it's up to you to interpret the results.
Possible permissions for buckets:
- Read - List and view all files
- Write - Write files to bucket
- Read ACP - Read all Access Control Policies attached to bucket
- Write ACP - Write Access Control Policies to bucket
- Full Control - All above permissions
Any or all of these permissions can be set for the 2 main user groups:
- Authenticated Users
- Public Users (those without AWS credentials set)
- Individual users/groups (out of scope of this tool)
What this means: Just because a bucket doesn't allow reading/writing ACLs doesn't mean you can't read/write files in the bucket. Conversely, you may be able to list ACLs but not read/write to the bucket
Contributors
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file S3Scanner-2.0.2.tar.gz
.
File metadata
- Download URL: S3Scanner-2.0.2.tar.gz
- Upload date:
- Size: 16.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.8.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 451c76bbe3c7c5c7629de990a1e904c47dbe4d4f9bac626e77b5e6799dc045ce |
|
MD5 | 19104dc846a4f0b5bd8b8063acd5fb4b |
|
BLAKE2b-256 | 7c2820af6edde8edee3e44cbaeaab0cbe0fb1dd64d9f613bd1f68b678cee944b |
File details
Details for the file S3Scanner-2.0.2-py3-none-any.whl
.
File metadata
- Download URL: S3Scanner-2.0.2-py3-none-any.whl
- Upload date:
- Size: 15.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.8.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e1301528c2ca6dd5abce31fe13bdd47152be939b05b0fc86a583c3443ffb74fd |
|
MD5 | 7ddcc4153b4a88fb7a99f9122adf6960 |
|
BLAKE2b-256 | 1eaa10c4540a7bfd2ba561b6ee7d1f338946684c2007e25a0fe66cb23a5a2cd2 |