CloudScraper is a Python-based tool that spiders and scrapes web targets to discover exposed cloud storage resources across AWS, Azure, and Digital Ocean.
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
This tool is primarily used by security professionals and threat hunters to enumerate and identify publicly exposed cloud storage assets such as S3 buckets, Azure blobs, and Digital Ocean spaces by crawling target websites. It helps uncover potential cloud misconfigurations and information disclosures that could lead to security risks.
CloudScraper requires Python 3.6+ and non-standard libraries (requests, rfc3987, termcolor). It uses regex scanning of full page sources rather than relying solely on href links, which improves detection of buried cloud resource URLs but may produce false positives or miss some links. Users can customize keywords by modifying the parser function. The tool is inspired by red teaming techniques targeting cloud misconfigurations and is suitable for security assessments and threat hunting. Multithreading and additional detection support are planned enhancements.
Ensure Python 3.6 or higher is installed
Install required Python libraries: requests, rfc3987, termcolor
Download or clone the repository from GitHub
Run the tool using Python3: python3 CloudScraper.pypython3 CloudScraper.py -u https://rottentomatoes.com
Start spidering and scraping the specified URL for cloud storage resources
python3 CloudScraper.py -u https://example.com -d 3 -p 4 -v
Run the tool on example.com with max crawl depth 3, 4 parallel processes, and verbose output
python3 CloudScraper.py -l targets.txt
Scan multiple targets listed line-by-line in the specified text file
python3 CloudScraper.py --no-verify -u https://example.com
Run the scan on example.com while skipping TLS certificate verification