A high-performance security tool for discovering AWS S3 buckets and CloudFront distributions on target websites.
AWS-Scanner efficiently scans a list of URLs to identify exposed AWS resources including:
- Amazon S3 buckets
- CloudFront distributions
The scanner outputs clean CSV files with discovered resources for further analysis.
- ✅ Auto-detection of URL protocols (http/https)
- ✅ Smart JavaScript filtering to avoid parsing messy inline scripts
- ✅ Response size limiting (5MB) to prevent memory issues
- ✅ Unified regex engine for efficient pattern matching
- ✅ Deduplication of discovered resources
- ✅ Clean CSV output with normalized HTTPS URLs
- ✅ Concurrent scanning with configurable timeouts
- Go 1.16 or later
# Clone the repository
git clone https://github.com/random-robbie/AWS-Scanner.git
cd AWS-Scanner
# Download dependencies
go mod tidy
# Build the binary
go build -o aws-scanner main.gogo run main.go --list list.txtBuild the Docker image:
docker build -t aws-scanner .Run the scanner with Docker:
# Mount your URL list and output directory
docker run -v $(pwd)/list.txt:/app/list.txt -v $(pwd)/output:/app/output aws-scanner --list list.txt
# The CSV files will be saved to ./output directoryOr use docker-compose (create a docker-compose.yml):
version: '3.8'
services:
aws-scanner:
build: .
volumes:
- ./list.txt:/app/list.txt
- ./output:/app/output
command: --list list.txtThen run:
docker-compose up./aws-scanner --list list.txtCreate a text file (list.txt) with one URL per line:
github.com
https://www.example.com
http://test.com
Note: URLs can be provided with or without protocol prefixes (http:// or https://). The scanner will automatically detect and normalize them.
The scanner generates two CSV files:
s3-bucket.csv- Discovered S3 bucketscloudfront.csv- Discovered CloudFront distributions
Format: source_url,discovered_resource
Example:
https://github.com/,https://github-cloud.s3.amazonaws.com
https://example.com/,https://example-assets.cloudfront.net- Unified regex function for cleaner codebase
- Auto-detection of URL protocols
- JavaScript and script tag filtering
- Response body size limiting
- Normalized HTTPS-only output
- Duplicate resource removal
Contributions are welcome! Please feel free to submit pull requests or open issues for bugs and feature requests.
See CONTRIBUTING.md for guidelines.
See LICENSE file for details.
Special thanks to Glove for contributions.
Use a VPS from DigitalOcean:
Disclaimer: This tool is intended for security research and authorized testing only. Always obtain proper authorization before scanning any websites or networks you do not own.