
A simple bash script to automate scanning S3 Buckets

S3Scanner

It's a simple bash script to automate scanning Amazon S3 Buckets.

Prerequisite

Install and configure the AWS CLI.

Usage

S3Scanner.sh <bucket-name> [--all|all]

Adding --all or all as the last argument also checks put-bucket-acl.

The script immediately creates a directory with the same name as <bucket-name>. If it finds anything, the results are stored in that directory. If not, the directory is simply deleted. The error log is stored in /tmp as <bucket-name>.log.

References

https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/