Amazon S3 bucket scanners

Image of Amazon logo with security tools text

Introduction

Amazon S3 is short for Simple Storage Service. It is a web service offered by Amazon Web Services (AWS). The storage service is an interesting target for attackers as it may contain sensitive data.

The internet giant Amazon powers a big part of the web, including the storage of public and sensitive data. Amazon's S3 service provides this storage in so-called S3 buckets. Both evildoers and pentesters are interested in data leakages from S3 buckets.

This category of tools helps to discover and scan the S3 service. As there are several options available, we encourage you to check out which of the tools is up-to-date and works for your particular use-case.

Usage

Amazon S3 bucket scanners are typically used for asset discovery, penetration testing, security assessment.

Users for these tools include pentesters, security professionals.

Tools

AWSBucketDump (Amazon S3 bucket scanner)

configuration audit, discovery of sensitive information, security assessment

AWSBucketDump is a security tool to find interesting files in AWS S3 buckets that are part of Amazon cloud services. These storage containers may have interesting files, which a tool like AWSBucketDump can discover.

Bucket Finder (AWS S3 bucket finder)

data leak detection, penetration testing, security assessment

The Bucket Finder tool can be a helpful tool during penetration testing and security assessments. It helps with the discovery of S3 buckets on the Amazon AWS cloud.

Bucket Stream (AWS S3 bucket discovery using CT logs)

discovery of sensitive information, information leak detection, penetration testing, reconnaissance

Bucket Stream can be used to discover AWS S3 buckets. This tool may be helpful during reconnaissance and security assessments. As it does not include active scanning on the target itself, it is a passive way of finding information. This is a huge benefit, as you don't have to guess or brute-force the names.

BuQuikker (find open AWS S3 buckets)

data leak detection, security assessment

BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

inSp3ctor (AWS S3 bucket and object discovery)

penetration testing, security assessment, storage security testing

Like other S3 bucket scanners, inSp3ctor helps to find valid storage buckets on Amazon's AWS platform. This can be useful for security assignments like penetration testing or see what information is available about a company. Another option is using it to see if any private data is leaking.

s3-fuzzer (Amazon S3 bucket scanner)

configuration audit, discovery of sensitive information, security assessment

This fuzzing tool helps with discovering sensitive data in Amazon S3 buckets. S3 buckets are storage containers and may reveal data to unauthorized individuals. This tools helps with the discovery process.

S3Scanner (AWS S3 bucket scanner)

information gathering, information leak detection, penetration testing, storage security testing

The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.

Teh S3 Bucketeers (AWS S3 bucket scanner)

penetration testing, security assessment, storage security testing

Tools like Teh S3 Bucketeers are valuable for doing reconnaissance and information gathering. They may be used during penetration tests and security assessments. The primary goal of these tools is to find S3 buckets that may lead to sensitive data stored on Amazon's storage service.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.