s3enum is a fast and stealthy Amazon S3 bucket enumeration tool. It leverages DNS instead of HTTP, which means it does not hit AWS infrastructure directly.
It was originally built back in 2016 to target GitHub.
go install github.com/koenrh/s3enum@v1
You need to specify the base name of the target (e.g.,
hackerone), and a word list.
You could either use the example
wordlist.txt file from
this repository, or get a word list elsewhere.
Optionally, you could specify the number of threads (defaults to 5).
$ s3enum -wordlist examples/wordlist.txt -suffixlist examples/suffixlist.txt -threads 10 hackerone hackerone hackerone-attachment hackerone-attachments hackerone-static hackerone-upload
s3enum will use the name server as specified in
Alternatively, you could specify a different name server using the
option. Besides, you could test multiple names at the same time.
s3enum \ -wordlist examples/wordlist.txt \ -suffixlist examples/suffixlist.txt \ -nameserver 18.104.22.168 \ hackerone h1 roflcopter
s3enum is currently unable to detect S3 buckets in the us-east-1 region.