Packages and Binaries:


This package contains a tool to find open S3 buckets and dump their contents. The features are:

  • zap Multi-threaded scanning
  • telescope Supports tons of S3-compatible APIs
  • female_detective Scans all bucket permissions to find misconfigurations
  • floppy_disk Dump bucket contents to a local folder
  • whale Docker support

Installed size: 69 KB
How to install: sudo apt install s3scanner

  • python3
  • python3-boto3
[email protected]:~# s3scanner -h
usage: s3scanner [-h] [--version] [--threads n] [--endpoint-url ENDPOINT_URL]
                 [--endpoint-address-style {path,vhost}] [--insecure]
                 {scan,dump} ...

s3scanner: Audit unsecured S3 buckets
           by Dan Salmon -, @bltjetpack

  -h, --help            show this help message and exit
  --version             Display the current version of this tool
  --threads n, -t n     Number of threads to use. Default: 4
  --endpoint-url ENDPOINT_URL, -u ENDPOINT_URL
                        URL of S3-compliant API. Default:
  --endpoint-address-style {path,vhost}, -s {path,vhost}
                        Address style to use for the endpoint. Default: path
  --insecure, -i        Do not verify SSL

  {scan,dump}           (Must choose one)
    scan                Scan bucket permissions
    dump                Dump the contents of buckets

Updated on: 2022-Nov-16