A quick and dirty script to find unsecured S3 buckets and dump their contents 💧
The tool has 2 parts:
This script takes a list of domain names and checks if their hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in format "domain:region".
Usage: $> python s3finder.py -o output.txt domainsToCheck.txt
This script takes in a list of domains with regions made by s3finder.py. For each domain, it checks if there are publicly readable buckets and dumps them if so.
Usage: $> s3dumper.sh output.txt
Requirements: aws-cli
Please make pull requests if you can improve on the code at all (which is certain as the code can be greatly optimized).
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)