xplt-r/s3hunter

S3 Hunter 🪣

An advanced, high-speed S3 bucket discovery tool for bug bounty hunters and cloud security researchers. ✅ Supports AWS signed detection, progress bar, color-coded output, retries, proxy, and customizable hiding of noisy status codes like 404/403. ⚡ Easily scan thousands of bucket permutations like company-admin, admin-company, etc.

🚀 Features

Combine prefixes + company name + suffixes dynamically

Colorful output using colorama (green = found, yellow = not found, red = error)

Detects AWS signed buckets

Supports HTTP + HTTPS check

Progress bar with tqdm

Multithreading with user-defined threads

Retries for flaky networks

Timeout & proxy support

Hide status codes (e.g. hide 404/403 from console)

⚙️ Installation

git clone https://github.com/xplt-r/s3hunter
cd s3hunter
pip3 install -r requirements.txt

📝 Usage Example

python3 s3finder.py -C amazon -w wordlist.txt -o found_buckets.txt --threads 20 --retries 3 --timeout 7 --hide-status 403,404

📌 Options

-C, --company: Company name (required)

-w, --wordlist: Wordlist file path (required)

-o, --output: Save results to file

-t, --threads: Number of threads (default: 10)

--timeout: Request timeout in seconds (default: 5)

--retries: Number of retries per URL (default: 2)

--proxy: Use proxy (e.g. http://127.0.0.1:8080)

--hide-status: Comma-separated HTTP codes to hide (e.g. 403,404)

🌟 Example Output

[✅ FOUND] https://admin-amazon.s3.amazonaws.com (200) [AWS SIGNED]
[❌ NOT FOUND] http://amazon-admin.s3.amazonaws.com (404)
[⚠️ ERROR] https://some-bucket.s3.amazonaws.com | ConnectTimeout: HTTPSConnectionPool...

💡 Notes

The tool generates combinations like: keyword-company, company-keyword, company

Use small wordlists for faster scanning; large wordlists may generate a huge number of requests!

Respect AWS rate limits; too many requests may result in blocking or throttling.
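
An added example, not code from the s3hunter repository: a defender-side check that takes an inventory of your own bucket names and reports which ones the naming scheme above (keyword-company, company-keyword, company) would reach. The company name, inventory and function names are constructed for illustration, the wordlist is the example wordlist from this README, and the script makes no network requests.

```python
# Added example: audit your own bucket inventory against the naming scheme
# described in the Notes (keyword-company, company-keyword, company).
# No network access; the company and inventory are constructed sample data.

def classify(bucket, company, keywords):
    """Return (verdict, keyword) for one bucket name.

    verdict is 'wordlist-hit' when the exact name would be generated from
    this wordlist, 'pattern-match' when the name follows the scheme but its
    keyword is not in this wordlist, and 'not-matched' otherwise.
    """
    name, company = bucket.strip().lower(), company.strip().lower()
    words = {k.strip().lower() for k in keywords if k.strip()}
    if name == company:
        return ("wordlist-hit", None)          # bare company name is always tried
    if name.startswith(company + "-"):
        keyword = name[len(company) + 1:]      # company-keyword form
    elif name.endswith("-" + company):
        keyword = name[:-(len(company) + 1)]   # keyword-company form
    else:
        return ("not-matched", None)
    return ("wordlist-hit" if keyword in words else "pattern-match", keyword)


def audit(inventory, company, keywords):
    """Map each bucket name in the inventory to its classification."""
    return {b: classify(b, company, keywords) for b in inventory}


# Constructed sample data: a hypothetical company and its bucket inventory.
COMPANY = "examplecorp"
WORDLIST = ["admin", "cdn", "media", "backup", "assets",
            "dev", "staging", "public", "private"]
INVENTORY = ["examplecorp", "backup-examplecorp", "examplecorp-dev",
             "examplecorp-finance-2023", "ec-logs-7f3a9c"]

if __name__ == "__main__":
    for bucket, (verdict, keyword) in audit(INVENTORY, COMPANY, WORDLIST).items():
        print(f"{bucket:28} {verdict:14} keyword={keyword}")
```

Buckets reported as wordlist-hit or pattern-match are the ones to review first for Block Public Access and bucket policy settings, since their names are predictable from the company name alone.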

👑 Credits

⚡ Inspired by LazyS3 by Nahamsec, built from scratch for speed & flexibility. Made by a bug bounty hunter, for bug bounty hunters.

🛠 Example Wordlist

admin
cdn
media
backup
assets
dev
staging
public
private

🔒 Disclaimer

This tool is for educational and authorized testing purposes only. Do not use against systems without explicit permission.

📌 Future Enhancement Ideas

✅ Silent mode

✅ JSON report option

✅ Auto-resume on interruption

👉 Feel free to fork, modify, and contribute!
