Mass S3 Bucket Tester

A Python 3 security tool for testing AWS S3 buckets for common misconfigurations including public directory listings, bucket availability, and upload permissions.

⚠️ For Authorized Security Testing Only - Use this tool only on systems you own or have explicit permission to test.

Features

  • ✅ No AWS Credentials Required - Tests for public misconfigurations without any credentials
  • 🚀 Concurrent Testing - Fast parallel processing with configurable worker threads
  • 🌍 Comprehensive Region Support - Supports all major AWS regions
  • 📊 Multiple Test Types:
    • Public directory listing detection
    • Bucket existence verification (NoSuchBucket detection)
    • Access permission checks (403 responses)
    • Optional upload permission testing (requires credentials)
  • 🎯 Flexible Input - Test single buckets or batch process from files
  • 📝 Detailed Logging - Organized output files for different findings
  • 🐍 Modern Python 3 - Clean, maintainable code with boto3

What It Detects

  1. Publicly Listable Buckets - Buckets that expose their file listings to anyone
  2. Available Bucket Names - Non-existent buckets that could be hijacked
  3. Private Buckets - Buckets that exist but deny public access (403)
  4. Uploadable Buckets - Buckets with public write permissions (optional test)

Requirements

  • Python 3.7+
  • pip

Installation

# Clone the repository
git clone https://github.com/random-robbie/mass-s3-bucket-tester.git
cd mass-s3-bucket-tester

# Install dependencies
pip install -r requirements.txt

Quick Start

# Create a file with bucket URLs (one per line)
echo "test-bucket.s3.amazonaws.com" > list.txt
echo "example-bucket.s3.us-west-2.amazonaws.com" >> list.txt

# Run the tester (no credentials needed!)
python3 s3_poc.py -f list.txt

Usage

Basic Usage (No Credentials Required)

# Test buckets from default list.txt file
python3 s3_poc.py

# Test buckets from custom file
python3 s3_poc.py -f buckets.txt

# Test a single bucket
python3 s3_poc.py -u test-bucket.s3.amazonaws.com

Advanced Usage

# Use 10 concurrent workers for faster testing
python3 s3_poc.py -f buckets.txt -w 10

# Adjust timeout for slow connections
python3 s3_poc.py -f buckets.txt -t 20

# Enable verbose logging
python3 s3_poc.py -f buckets.txt -v

Upload Permission Testing (Optional)

# Test upload permissions with AWS credentials
python3 s3_poc.py -f buckets.txt --test-upload -k YOUR_ACCESS_KEY -s YOUR_SECRET_KEY

# Or use environment variables
export AWS_ACCESS_KEY_ID="your_access_key"
export AWS_SECRET_ACCESS_KEY="your_secret_key"
python3 s3_poc.py -f buckets.txt --test-upload

Command-Line Options

-f, --file FILE          File containing bucket URLs (default: list.txt)
-u, --url URL            Single bucket URL to test
-t, --timeout SECONDS    Request timeout in seconds (default: 10)
-w, --workers NUM        Number of concurrent workers (default: 5)
--test-upload            Test upload permissions (requires AWS credentials)
-k, --access-key KEY     AWS access key ID (only needed with --test-upload)
-s, --secret-key KEY     AWS secret access key (only needed with --test-upload)
-v, --verbose            Enable verbose logging

Input File Format

Create a text file with one S3 bucket URL per line:

bucket-name.s3.amazonaws.com
another-bucket.s3.us-west-2.amazonaws.com
test-bucket.s3.eu-west-1.amazonaws.com
example.s3-website-us-east-1.amazonaws.com

Output Files

The tool generates three output files:

  • buckets-list.txt - Buckets with public directory listings enabled
  • buckets-nosuchbucket.txt - Non-existent buckets available for registration
  • buckets-upload.txt - Buckets where POC file upload succeeded (only with --test-upload)

Supported AWS Regions

North America

  • US East (N. Virginia) - us-east-1
  • US East (Ohio) - us-east-2
  • US West (N. California) - us-west-1
  • US West (Oregon) - us-west-2
  • AWS GovCloud (US-East) - us-gov-east-1
  • AWS GovCloud (US-West) - us-gov-west-1
  • Canada (Central) - ca-central-1
  • Canada West (Calgary) - ca-west-1

Asia Pacific

  • Asia Pacific (Mumbai) - ap-south-1
  • Asia Pacific (Hyderabad) - ap-south-2
  • Asia Pacific (Singapore) - ap-southeast-1
  • Asia Pacific (Sydney) - ap-southeast-2
  • Asia Pacific (Jakarta) - ap-southeast-3
  • Asia Pacific (Melbourne) - ap-southeast-4
  • Asia Pacific (Malaysia) - ap-southeast-5
  • Asia Pacific (Hong Kong) - ap-east-1
  • Asia Pacific (Tokyo) - ap-northeast-1
  • Asia Pacific (Seoul) - ap-northeast-2
  • Asia Pacific (Osaka) - ap-northeast-3

Europe

  • Europe (Frankfurt) - eu-central-1
  • Europe (Zurich) - eu-central-2
  • Europe (Ireland) - eu-west-1
  • Europe (London) - eu-west-2
  • Europe (Paris) - eu-west-3
  • Europe (Stockholm) - eu-north-1
  • Europe (Milan) - eu-south-1
  • Europe (Spain) - eu-south-2

Middle East

  • Middle East (Bahrain) - me-south-1
  • Middle East (UAE) - me-central-1

Africa

  • Africa (Cape Town) - af-south-1

South America

  • South America (São Paulo) - sa-east-1

Israel

  • Israel (Tel Aviv) - il-central-1

Total: 35+ AWS regions supported

How It Works

  1. HTTP Requests - Makes HTTP requests to S3 bucket URLs to check for public access
  2. Response Analysis - Analyzes responses for XML bucket listings or error messages
  3. Concurrent Processing - Tests multiple buckets in parallel for faster results
  4. Optional Upload Test - If credentials provided and --test-upload enabled, attempts to upload a POC file
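As an added example that is not part of the project's code, the Python below shows the two pieces the steps above and the input-file format rely on: splitting a bucket hostname into bucket, region and endpoint kind (hostname shapes taken from the examples in this README; the regex itself is an assumption), and classifying an S3 response body into the finding types the output files record. It also handles the 301 PermanentRedirect that a wrong regional endpoint returns, which is not a finding and should be re-tried against the endpoint S3 names rather than logged.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Hostname shapes taken from the README's input-file examples; this regex is an
# assumption made for the example, not the project's own parser.
_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]*[a-z0-9])\.s3(?P<website>[.-]website)?"
    r"(?:[.-](?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d))?\.amazonaws\.com$"
)

def parse_bucket_host(host: str) -> Optional[dict]:
    """Split a virtual-hosted S3 hostname into bucket, region and endpoint kind.
    Non-S3 hosts give None (skip, don't request); no region means us-east-1."""
    m = _HOST_RE.match(host.strip().lower())
    if not m:
        return None
    return {"bucket": m["bucket"], "region": m["region"] or "us-east-1",
            "website": m["website"] is not None}

def _local(tag: str) -> str:
    """Strip the namespace: '{http://s3.amazonaws.com/doc/2006-03-01/}Key' -> 'Key'."""
    return tag.rsplit("}", 1)[-1]

def classify_response(status: int, body: str) -> str:
    """Map an S3 response to the README's finding types: 'listable' (public
    ListBucketResult), 'nosuchbucket' (unclaimed name), 'private' (exists but
    denies access), 'wrong-region' (S3 redirected, so nothing was tested yet)
    or 'other' (not a finding, e.g. a website endpoint's HTML index page)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "other"
    if status == 200 and _local(root.tag) == "ListBucketResult":
        return "listable"
    if _local(root.tag) == "Error":
        code = next((c.text for c in root if _local(c.tag) == "Code"), "")
        if status == 404 and code == "NoSuchBucket":
            return "nosuchbucket"
        if status == 403 and code in ("AccessDenied", "AllAccessDisabled"):
            return "private"
        if status == 301 and code == "PermanentRedirect":
            return "wrong-region"
    return "other"

# Constructed sample bodies in S3's documented XML shapes (not real captures).
LISTING = ('<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
           '<Name>example-bucket</Name><Contents><Key>db-backup.sql</Key></Contents></ListBucketResult>')
MISSING = '<Error><Code>NoSuchBucket</Code><BucketName>example-bucket</BucketName></Error>'
```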

Security & Legal Notice

⚠️ IMPORTANT: This tool is designed for authorized security testing only.

  • Only test buckets you own or have explicit written permission to test
  • Unauthorized testing of third-party S3 buckets may violate laws including:
    • Computer Fraud and Abuse Act (CFAA) in the US
    • Computer Misuse Act in the UK
    • Similar laws in other jurisdictions
  • Always follow responsible disclosure practices
  • Use this tool ethically and legally

Bug Bounty & Penetration Testing

This tool is useful for:

  • Bug bounty programs with in-scope AWS infrastructure
  • Authorized penetration testing engagements
  • Security assessments of your own infrastructure
  • Educational purposes in controlled environments

Changelog

Version 2.0 (Latest)

  • Complete rewrite in Python 3
  • Replaced deprecated boto with boto3
  • Added concurrent processing for faster testing
  • Removed credential requirement for basic testing
  • Added comprehensive CLI with argparse
  • Fixed region mapping bugs
  • Eliminated code duplication (200+ lines reduced)
  • Added support for additional AWS regions
  • Improved error handling and logging
  • Made upload testing opt-in with --test-upload flag

Version 1.0

  • Initial Python 2 release
  • Basic S3 bucket testing functionality

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This tool is provided as-is for educational and authorized security testing purposes.

Credits

  • Original author: @random-robbie
  • Modernization improvements: Claude Sonnet 4.5

Recommended VPS Provider

Need a VPS for security testing? Try DigitalOcean.

Disclaimer: The authors and contributors are not responsible for misuse of this tool. Users are solely responsible for ensuring they have proper authorization before testing any systems.

About

This tests a list of S3 buckets to see if they have directory listings enabled or if they are uploadable.
