xplt-r/s3hunter

S3 Hunter 🪣

An advanced, high-speed S3 bucket discovery tool for bug bounty hunters and cloud security researchers.

✅ Supports AWS signed detection, progress bar, color-coded output, retries, proxy, and customizable hiding of noisy status codes like 404/403.

⚡ Easily scan thousands of bucket permutations like company-admin, admin-company, etc.

🚀 Features

Combine prefixes + company name + suffixes dynamically

Colorful output using colorama (green = found, yellow = not found, red = error)

Detects AWS signed buckets

Supports HTTP + HTTPS check

Progress bar with tqdm

Multithreading with user-defined threads

Retries for flaky networks

Timeout & proxy support

Hide status codes (e.g. hide 404/403 from console)

⚙️ Installation

git clone https://github.com/xplt-r/s3hunter
cd s3hunter
pip3 install -r requirements.txt

📝 Usage Example

python3 s3finder.py -C amazon -w wordlist.txt -o found_buckets.txt --threads 20 --retries 3 --timeout 7 --hide-status 403,404

📌 Options

-C, --company: Company name (required)

-w, --wordlist: Wordlist file path (required)

-o, --output: Save results to file

-t, --threads: Number of threads (default: 10)

--timeout: Request timeout in seconds (default: 5)

--retries: Number of retries per URL (default: 2)

--proxy: Use proxy (e.g. http://127.0.0.1:8080)

--hide-status: Comma-separated HTTP codes to hide (e.g. 403,404)

🌟 Example Output

[βœ… FOUND] https://admin-amazon.s3.amazonaws.com (200) [AWS SIGNED]
[❌ NOT FOUND] http://amazon-admin.s3.amazonaws.com (404)
[⚠️ ERROR] https://some-bucket.s3.amazonaws.com | ConnectTimeout: HTTPSConnectionPool...

💡 Notes

The tool generates combinations like: keyword-company, company-keyword, company

Use small wordlists for faster scanning; large wordlists may generate a huge number of requests!

Respect AWS rate limits; too many requests may result in blocking or throttling.

👑 Credits

⚡ Inspired by LazyS3 by Nahamsec, built from scratch for speed & flexibility. Made by a bug bounty hunter, for bug bounty hunters.

🛠 Example Wordlist

admin
cdn
media
backup
assets
dev
staging
public
private
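
The combination scheme from the Notes, applied defensively to the wordlist above: an added example (not part of s3hunter) that flags which buckets in your own inventory carry names this kind of scan would guess. The company name `examplecorp`, the inventory and its Block Public Access flag are constructed sample data, and the hyphen separator is assumed from the names shown in the Example Output.

```python
# Added example (not s3hunter code): audit your own bucket inventory for
# names an outsider could guess with the README's combination scheme.

def candidate_names(company, keywords):
    """Names in the three forms the README lists: keyword-company,
    company-keyword, and the bare company name (hyphen separator assumed)."""
    company = company.strip().lower()
    names = {company}
    for kw in keywords:
        kw = kw.strip().lower()
        if kw:  # skip blank wordlist lines
            names.add(f"{kw}-{company}")
            names.add(f"{company}-{kw}")
    return names


def audit_inventory(company, keywords, inventory):
    """Split owned buckets by guessability.

    `inventory` maps bucket name -> True if Block Public Access is enabled
    (constructed field; populate it from your own account data).
    Returns (exposed, guessable_but_blocked, unguessable), each sorted.
    """
    guesses = candidate_names(company, keywords)
    exposed, blocked, unguessable = [], [], []
    for name, bpa_on in inventory.items():
        if name.lower() not in guesses:
            unguessable.append(name)
        elif bpa_on:
            blocked.append(name)
        else:
            exposed.append(name)  # guessable and relying on ACLs/policy alone
    return sorted(exposed), sorted(blocked), sorted(unguessable)


# Constructed sample data: "examplecorp" and these buckets are hypothetical.
WORDLIST = ["admin", "cdn", "media", "backup", "assets",
            "dev", "staging", "public", "private"]
INVENTORY = {
    "examplecorp-backup": False,
    "cdn-examplecorp": True,
    "examplecorp": True,
    "ec-7f3a91-billing-exports": False,
}

if __name__ == "__main__":
    exposed, blocked, unguessable = audit_inventory("examplecorp", WORDLIST, INVENTORY)
    print("guessable, public access not blocked:", exposed)
    print("guessable, public access blocked:    ", blocked)
    print("not produced by this wordlist:       ", unguessable)
```

Buckets in the first list are the ones to review first: their names fall out of a nine-word list, so their contents depend entirely on the bucket policy and ACLs being right.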

🔒 Disclaimer

This tool is for educational and authorized testing purposes only. Do not use against systems without explicit permission.

📌 Future Enhancement Ideas

✅ Silent mode

✅ JSON report option

✅ Auto-resume on interruption

👉 Feel free to fork, modify, and contribute!
