CyberSecurity Tool

S3 bucket enumeration simplified.

A web-based tool to scan the S3 bucket misconfiguration.

Introduction

When conducting bug hunting and penetration testing, you might come across S3 bucket endpoints and want to confirm if the S3 bucket is misconfigured. To do this, you’ll need to set up the AWS Command Line Interface (CLI) and configure your AWS cloud access keys for authentication. There are several misconfigurations to look out for, not just public read and write access. To simplify this process, I have created a web-based scanning tool using Streamlit Python. In this post, I will guide you through how to use this tool during your bug-hunting process.

The scanner offers three options to check for misconfigurations based on the identified bucket information during penetration testing or bug hunting:

1. bucket-scan
2. s3-file-download
3. domain-based-s3-region-scan

Bucket-scan usage:

Bucket-scan option is useful when you know the bucket name and the region of the bucket. In general, the bucket region is disclosed via the S3 bucket URL endpoint…