Threat Actor Mindset: S3DNS Tool for Discovering Cloud Buckets

S3DNS is a tool designed to help security professionals and threat actors discover exposed storage buckets across AWS, GCP, and Azure while browsing. It acts as a DNS server: it follows CNAME records and matches the names it sees against bucket patterns, making it easier to identify misconfigured cloud storage.

Github Repository

🔗 S3DNS on GitHub

You Should Know: How to Use S3DNS for Security Testing

Installation Steps

1. Clone the Repository:

git clone https://github.com/olizimmermann/s3dns.git
cd s3dns

2. Install Dependencies:

pip install -r requirements.txt

3. Run S3DNS:

python s3dns.py --interface eth0

Key Commands & Usage

  • Scan for Buckets:

    python s3dns.py --target example.com
    

  • Enable Debug Mode:

    python s3dns.py --debug
    

  • Save Output to File:

    python s3dns.py --output buckets.txt
    

Verifying Bucket Permissions

Once a bucket is found, check its permissions using AWS CLI:

aws s3 ls s3://bucket-name --no-sign-request

If the bucket is misconfigured, you may be able to list or download files:

aws s3 cp s3://bucket-name/file.txt .

Automating with Bash

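# Try an unsigned (anonymous) listing of every bucket named in buckets.txt
while IFS= read -r bucket; do
  [ -n "$bucket" ] || continue
  # A failure means the listing was denied or the request failed (e.g. no such bucket)
  aws s3 ls "s3://$bucket" --no-sign-request || echo "Bucket $bucket: anonymous listing denied or request failed"
done < buckets.txt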

What Undercode Say

S3DNS is a critical tool for identifying exposed cloud storage, often leading to data breaches if buckets are misconfigured. Security teams should:
– Regularly audit S3/GCP/Azure buckets
– Enforce least-privilege access policies
– Monitor DNS logs for suspicious CNAME resolutions
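
For the DNS-log monitoring point, the sketch below is an added example (not code from the original post or from the S3DNS project) of the same idea the tool is described as using: follow CNAME chains and match the final name against storage-endpoint patterns. The log format, the hostnames and the simplified regexes are constructed assumptions.

```python
import re

# Simplified endpoint patterns (assumption: not S3DNS's own pattern list).
BUCKET_PATTERNS = {
    "aws": re.compile(r"^(?P<name>.+)\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com$"),
    "gcp": re.compile(r"^(?P<name>.+)\.storage\.googleapis\.com$"),
    "azure": re.compile(r"^(?P<name>[a-z0-9]+)\.blob\.core\.windows\.net$"),
}

# Constructed resolver log: timestamp, client, query name, record type, answer.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 cdn.example.com CNAME assets.example.net
2024-05-01T10:00:01Z 10.0.0.5 assets.example.net CNAME acme-assets.s3.eu-west-1.amazonaws.com
2024-05-01T10:00:02Z 10.0.0.5 www.example.com A 192.0.2.10
2024-05-01T10:00:03Z 10.0.0.7 files.example.org CNAME acmefiles.blob.core.windows.net
2024-05-01T10:00:04Z 10.0.0.7 media.example.org CNAME acme-media.storage.googleapis.com
2024-05-01T10:00:05Z 10.0.0.8 loop.example.com CNAME loop.example.com
"""

def classify(host):
    """Return (provider, bucket_or_account) if host is a storage endpoint."""
    host = host.rstrip(".").lower()
    for provider, pattern in BUCKET_PATTERNS.items():
        if (match := pattern.match(host)):
            return provider, match.group("name")
    return None

def find_bucket_references(log_text, max_depth=8):
    """Follow each logged CNAME chain (loop-safe, depth-bounded); report bucket hits."""
    cnames = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[3] == "CNAME":
            cnames[parts[2].rstrip(".").lower()] = parts[4].rstrip(".").lower()
    findings = []
    for start in cnames:
        host, seen = start, set()
        while host not in seen and len(seen) < max_depth:
            seen.add(host)
            if (hit := classify(host)):
                findings.append((start, host, *hit))
                break
            if host not in cnames:
                break
            host = cnames[host]
    return findings

if __name__ == "__main__":
    print(*find_bucket_references(SAMPLE_LOG), sep="\n")
```

Each finding is a tuple of the queried name, the storage endpoint it resolves to, the provider and the bucket or account name, which can then be compared against the organization's own bucket inventory.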

Related Linux & Cloud Commands

  • Check Open DNS Resolvers:

    nmap -sU -p 53 --script dns-recursion <target>
    

  • Enumerate S3 Buckets via CLI:

    curl -s http://s3.amazonaws.com/[bucket-name]/
    

  • Scan for Publicly Accessible Buckets:

    s3scanner scan --bucket-list buckets.txt
    

  • AWS S3 Security Check:

    aws s3api get-bucket-acl --bucket [bucket-name]
    

  • GCP Storage Check:

    gsutil iam get gs://bucket-name
    

Expected Output:

A detailed report of discovered buckets, permissions, and potential exposures. Always use this tool ethically and report findings to the respective organizations.

Reported By: Abhirup Konwar – Hackers Feeds