MCPcopy Index your code
hub / github.com/KingOfBugbounty/s3tk

github.com/KingOfBugbounty/s3tk @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
12 symbols 25 edges 1 files 0 documented · 0% updated 9mo ago★ 90
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

ChatGPT Image 12 de set de 2025, 21_02_01

S3Scan - S3 Bucket Security Scanner / @✖️OFJAAAH

A powerful S3 bucket security scanner designed for penetration testing and bug bounty hunting

Go Version License Platform Release

This tool automatically detects misconfigurations and security vulnerabilities in AWS S3 buckets.

Features

  • Comprehensive Security Testing: Tests for multiple S3 bucket vulnerabilities
  • Multiple Input Formats: Supports various S3 URL formats and bucket names
  • Permission Testing: Checks LIST, UPLOAD, DELETE, and TAKEOVER capabilities
  • Batch Processing: Scan multiple buckets from stdin input
  • Colorized Output: Easy-to-read results with color-coded vulnerability status
  • Detailed Reporting: Comprehensive summary of findings

Security Tests Performed

1. Bucket Existence Check

  • Verifies if the S3 bucket exists
  • Identifies non-existent buckets that could be claimed

2. List Permissions (READ)

  • Tests if bucket contents can be enumerated
  • Detects publicly readable buckets
  • Risk: Information disclosure, data exposure

3. Upload Permissions (WRITE)

  • Tests if files can be uploaded to the bucket
  • Identifies writable buckets
  • Risk: Malicious file upload, defacement, hosting malware

4. Delete Permissions (DELETE)

  • Tests if objects can be deleted from the bucket
  • Detects buckets with delete permissions
  • Risk: Data destruction, denial of service

5. Bucket Takeover Detection

  • Identifies non-existent buckets that can be claimed
  • Tests multiple AWS regions for takeover opportunities
  • Risk: Subdomain takeover, brand impersonation

Installation

Prerequisites

  • Go 1.21 or higher
  • Internet connection for S3 API testing

Building from Source

  1. Clone or download the source code
  2. Navigate to the project directory
  3. Build the binary:
go build -o s3scan main.go

Quick Setup

# Make the binary executable
chmod +x s3scan

# Optional: Move to system PATH
sudo mv s3scan /usr/local/bin/

Usage

Basic Usage

The tool reads S3 bucket URLs or names from stdin:

# Single bucket
echo "my-test-bucket" | ./s3scan

# Multiple buckets from file
cat buckets.txt | ./s3scan

# Multiple buckets inline
echo -e "bucket1\nbucket2\nbucket3" | ./s3scan

Supported Input Formats

The scanner accepts various S3 URL formats:

  • Bucket name: my-bucket-name
  • Virtual-hosted style: https://my-bucket.s3.amazonaws.com
  • Path-style: https://s3.amazonaws.com/my-bucket
  • S3 URI: s3://my-bucket-name

Example Commands

# Scan from a list of domains/subdomains
subfinder -d example.com | grep s3 | ./s3scan

# Scan buckets found during reconnaissance
echo "company-backups" | ./s3scan
echo "app-uploads" | ./s3scan
echo "static-assets" | ./s3scan

# Batch scan from file
cat << EOF | ./s3scan
company-data
backup-bucket
public-assets
user-uploads
EOF

Integration with Other Tools

# With subfinder and grep
subfinder -d target.com | grep -i s3 | ./s3scan

# With amass
amass enum -d target.com | grep s3 | ./s3scan

# With waybackurls
echo "target.com" | waybackurls | grep s3 | ./s3scan

Output Interpretation

Vulnerability Status

  • [VULNERABLE] - Red: Misconfiguration detected
  • [SECURE] - Green: No vulnerabilities found
  • [EXISTS] - Green: Bucket exists and accessible
  • [NOT FOUND] - Yellow: Bucket doesn't exist
  • [TAKEOVER POSSIBLE] - Magenta: Bucket can be claimed

Permission Types

  • [LIST] - Can enumerate bucket contents
  • [UPLOAD] - Can upload files to bucket
  • [DELETE] - Can delete objects from bucket
  • [TAKEOVER] - Bucket doesn't exist and can be claimed

Example Output

[MISCONFIGURED] company-backups
  └─ [LIST] Public read access - can enumerate bucket contents
  └─ [UPLOAD] Public write access - can upload malicious files

[TAKEOVER POSSIBLE] old-app-assets
  └─ [TAKEOVER] Bucket doesn't exist - can be claimed for subdomain takeover

[SECURE] private-data

Legal and Ethical Usage

⚠️ IMPORTANT: This tool is designed for: - Authorized penetration testing - Bug bounty programs - Security assessments on systems you own - Educational purposes

DO NOT USE for: - Unauthorized testing of third-party systems - Malicious activities - Illegal access attempts

Always ensure you have proper authorization before testing any S3 buckets.

Defensive Recommendations

If vulnerabilities are found:

  1. For LIST vulnerabilities: Configure bucket policies to deny public read access
  2. For UPLOAD vulnerabilities: Remove public write permissions, implement proper IAM policies
  3. For DELETE vulnerabilities: Restrict delete permissions to authorized users only
  4. For TAKEOVER opportunities: Claim unused buckets or ensure they're not referenced in applications

Contributing

This tool is designed for security professionals and researchers. Contributions that improve detection capabilities or add new security tests are welcome.

License

This tool is provided for educational and authorized testing purposes only.

Core symbols most depended-on inside this repo

getRandomColor
called by 3
main.go
checkBucketExistence
called by 2
main.go
printBanner
called by 1
main.go
extractBucketName
called by 1
main.go
testS3List
called by 1
main.go
testS3Upload
called by 1
main.go
testS3Delete
called by 1
main.go
testBucketTakeover
called by 1
main.go

Shape

Function 11
Struct 1

Languages

Go100%

Modules by API surface

main.go12 symbols

For agents

$ claude mcp add s3tk \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact