Name: s3-buckets-finder
Author: gwen001

Primary Use Case

This tool is primarily used by security professionals and cloud auditors to discover existing AWS S3 buckets by brute forcing bucket names from wordlists and then testing their permissions such as ACL and write access. It helps identify misconfigured or publicly accessible buckets that could lead to data exposure or unauthorized access.

Key Features

Brute force AWS S3 bucket names using customizable wordlists

Tests bucket permissions including get ACL, put ACL, list, HTTP list, and write

Supports automatic AWS region detection and manual region specification

Permutations on bucket names with configurable prefixes, suffixes, and separators

Multi-threaded scanning with configurable thread count

Supports multiple cloud providers: Amazon, Google Cloud, DigitalOcean

Configurable verbosity and output color options

Recursion with max-depth option to explore nested bucket name permutations

Insights & Recommendations

Requires AWS CLI installation and configuration for proper operation. Use caution with the --force-recurse option as it may generate a large number of permutations and cause extensive requests. The tool supports multiple cloud providers but is primarily designed for AWS S3 buckets. Appropriate permissions and ethical considerations should be observed when scanning buckets.

Install AWS CLI: apt-get install awscli Configure AWS CLI: aws configure For Google Cloud support, install gsutil as per https://cloud.google.com/storage/docs/gsutil_install Clone the repository: git clone https://github.com/gwen001/s3-buckets-finder

Usage

php s3-buckets-bruteforcer.php --bucket gwen001-test002

Scan a single bucket named 'gwen001-test002' and test its permissions.

php s3-buckets-bruteforcer.php --bucket listing.txt --no-color --verbosity 1

Scan buckets listed in 'listing.txt' without colored output and suppress 'not found' messages.

php s3-buckets-bruteforcer.php --bucket listing1.txt --bucket listing2.txt --bucket listing3.txt --perform e --thread 10

Scan multiple bucket lists performing only existence checks with 10 concurrent threads.

php s3-buckets-bruteforcer.php --bucket listing.txt --prefix prefix.txt --suffix suffix1.txt --suffix2.txt --perform esw --thread 10

Scan buckets with permutations using prefixes and suffixes, performing existence, set ACL, and write tests with 10 threads.

php s3-buckets-bruteforcer.php --bucket listing.txt --region us-east-2 --rlevel 3

Scan buckets in the specified AWS region 'us-east-2' with recursion level 3.

Smart Usage Notes

Integrate with automated CI/CD pipelines to continuously scan for misconfigured or exposed cloud storage buckets.Use findings to proactively remediate cloud storage misconfigurations before exploitation.Combine with cloud infrastructure as code (IaC) scanning tools to enforce secure bucket naming and permission policies.Leverage multi-threaded brute forcing with customized wordlists to discover shadow or forgotten buckets in large cloud environments.Employ in purple team exercises to simulate attacker reconnaissance and improve detection capabilities for cloud misconfigurations.

OpenSec Atlas

s3-buckets-finder

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like