How to search for Open Amazon s3 Buckets and their contents —


TLTR — This is the story of why I created a free tool that lists open s3 buckets and helps you search for interesting files.

For an intro on what Amazon open buckets is you can read this . In essence, many files are publicly accessible, some by design, some by incompetence of the admins. These files sometimes include very sensitive data. has a list of the biggest leaks recorded.

Since this was exposed, many projects have been created that can enumerate s3 buckets:

All these tools/projects have some common problems:

  • The real problem (at least for me) is where to find the list to bruteforce for buckets, not actually doing the bruteforce.

And like that I have created I took ideas from the tools/projects above, but I mostly rewrote them myself, and runned them on my infrastructure. The project’s features are:

  • It is a searchable database of open buckets.

Why create this ?

Although I consider my self a software engineer, I was always fascinated with security. I have on many occasions created multiple tools that mass scan for vulnerabilities, just to see if is possible. Although I created the tools, I never publish anything it always felt like I was wasting my time. is my attempt to present some of my work, even if it is anonymous.

The project is currently free and running on servers paid by me. There are some limitations in place to protect resources, but otherwise pentesters can use this on their daily tasks.

Whats to come in

Lots of cool things, if I have the time:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store