Ethical Hacking Tutorials


sandcastle: AWS S3 bucket enumeration

A Python script for AWS S3 bucket enumeration.

Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.

The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:




git clone


usage: [-h] (-t targetStem | -f inputFile) [-b bucketFile]
                     [-o outputFile]

  -h, --help            show this help message and exit
  -t targetStem, --target targetStem
                        Select a target stem name (e.g. 'shopify')
  -f inputFile, --file inputFile
                        Select a target list file
  -b bucketFile, --bucket-list bucketFile
                        Select a bucket permutation file (default: bucket-
  -o outputFile, --output outputFile
                        Select a output file


Status codes and testing

Status code   Definition            Notes
404           Bucket Not Found      Not a target for analysis (hidden by default)
403           Access Denied         Potential target for analysis via the CLI
200           Publicly Accessible   Potential target for analysis via the CLI


   ____             __             __  __
  / __/__ ____  ___/ /______ ____ / /_/ /__
 _ / _ `/ _ / _  / __/ _ `(_-</ __/ / -_)

S3 bucket enumeration // release v1.2.5 // ysx

[*] Commencing enumeration of 'shopify', reading 163 lines from 'bucket-names.txt'.

[+] Checking potential match: shopify-content --> 403

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
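
From the bucket owner's side, a name-guessing run that lands on buckets you own appears in S3 server access logs (where logging is enabled) as anonymous bucket-level requests spread across several bucket names, answered with the 403 and 200 codes from the table above. The sketch below is an added example, not part of sandcastle or the original post: it scans log lines merged from several buckets and reports such sources plus any bucket that answered 200. The sample log lines, the function names and the two-bucket threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed S3 server access log lines (trailing fields omitted);
# bucket names, addresses and request IDs are made up for this example.
SAMPLE_LOG = '''\
ownerid example-content [03/Oct/2018:05:20:01 +0000] 198.51.100.7 - REQ1 REST.GET.BUCKET - "GET / HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "python-requests/2.19" -
ownerid example-backup [03/Oct/2018:05:20:02 +0000] 198.51.100.7 - REQ2 REST.GET.BUCKET - "GET / HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "python-requests/2.19" -
ownerid example-static [03/Oct/2018:05:20:02 +0000] 198.51.100.7 - REQ3 REST.GET.BUCKET - "GET / HTTP/1.1" 200 - 1520 - 9 8 "-" "python-requests/2.19" -
ownerid example-static [03/Oct/2018:05:21:10 +0000] 203.0.113.9 - REQ4 REST.GET.OBJECT logo.png "GET /logo.png HTTP/1.1" 200 - 5120 5120 12 11 "-" "Mozilla/5.0" -
ownerid example-backup [03/Oct/2018:05:22:00 +0000] 192.0.2.44 arn:aws:iam::111122223333:user/ops REQ5 REST.GET.BUCKET - "GET / HTTP/1.1" 200 - 900 - 7 6 "-" "aws-cli/1.16" -
'''

# Leading fields: owner, bucket, [time], remote IP, requester, request ID,
# operation, key, "request-URI", HTTP status.
LINE = re.compile(
    r'^\S+ (?P<bucket>\S+) \[[^\]]+\] (?P<ip>\S+) (?P<requester>\S+) \S+ '
    r'(?P<op>\S+) \S+ "[^"]*" (?P<status>\d{3}|-) '
)
BUCKET_OPS = {"REST.GET.BUCKET", "REST.HEAD.BUCKET"}  # bucket-level, not object reads


def find_bucket_probers(log_text, min_buckets=2):
    """Return {ip: {bucket: status}} for unauthenticated bucket-level requests
    from one address that touched at least `min_buckets` distinct buckets."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected layout
        anonymous = m["requester"] == "-"  # "-" means no authenticated identity
        if anonymous and m["op"] in BUCKET_OPS and m["status"] in ("200", "403"):
            seen[m["ip"]][m["bucket"]] = m["status"]
    return {ip: hits for ip, hits in seen.items() if len(hits) >= min_buckets}


def exposed_buckets(probers):
    """Buckets that returned 200 to an anonymous bucket-level request."""
    return sorted({b for hits in probers.values()
                   for b, status in hits.items() if status == "200"})


if __name__ == "__main__":
    probers = find_bucket_probers(SAMPLE_LOG)
    for ip, hits in probers.items():
        print(ip, hits)
    print("review bucket policy/ACL:", exposed_buckets(probers))
```

A 403 in this report means the bucket name is known to exist but held; a 200 means the bucket answered an anonymous bucket-level request and its policy or ACL should be reviewed first.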


Copyright (c) 2017 Yasin Soliman


Updated: October 3, 2018 — 5:20 am
