Finding Interesting Amazon S3 Buckets

Bucket Stream

From the webpage:

This tool simply listens to various certificate transparency logs (via certstream) and attempts to find public S3 buckets from permutations of the certificate's domain name.

(graphic omitted)

Be responsible. I mainly created this tool to highlight the risks associated with public S3 buckets and to put a different spin on the usual dictionary-based attacks.
… (emphasis in original)

If you find the March of Dimes or the International Federation of the Red Cross and Red Crescent with an insecure Amazon S3 bucket, take the author’s advice and report it.

If asked about Amazon S3 buckets belonging to groups, organizations and governments actively seeking to harm others, I would answer differently.


