Favicon of s3scanner

s3scanner

Multi-threaded command-line tool that identifies open and misconfigured S3 buckets across AWS, GCP, DigitalOcean, and other cloud providers. Perfect for security audits and penetration testing.

Find exposed cloud storage buckets with s3scanner, a powerful command-line tool designed for security professionals and developers. This tool scans for misconfigured S3 buckets across multiple cloud providers including AWS, GCP, DigitalOcean, DreamHost, Linode, and Scaleway.

Key capabilities include:

  • Multi-threaded scanning for fast bucket enumeration across large datasets
  • Multi-provider support covering AWS, GCP, DigitalOcean, and custom storage endpoints
  • Permission analysis that identifies all bucket access misconfigurations
  • Database integration to save and track results in PostgreSQL
  • RabbitMQ support for automated, scalable scanning workflows
  • Object enumeration to discover what's stored in accessible buckets
  • Docker deployment for containerized security operations

Whether you're conducting cloud security audits, performing penetration tests, or validating bucket configurations, s3scanner provides the speed and flexibility needed to identify public buckets before attackers do. The tool supports batch scanning from files, single bucket checks, or integration with message queues for enterprise-scale operations.

Features

Async I/OConfig fileJSON outputScriptable

Media

Pros

5
  • Multi-threaded scanning for speed
  • Supports numerous cloud providers
  • Identifies misconfigured S3 buckets
  • Can save results to a PostgreSQL database
  • Integrates with RabbitMQ for automated scanning

Related tools

Categories:

Share:

Auto-fetched .

Recent releases

Similar to s3scanner

Favicon

 

  
 
Favicon

 

  
 
Favicon