NEW: The State of AWS Security 2026 - Free WhitepaperFree AWS Security Whitepaper

S3 Security Scanner

Production-ready S3 security scanner with compliance mapping

A comprehensive, production-ready AWS S3 bucket security scanner with compliance mapping for CIS, AWS FSBP, PCI-DSS, HIPAA, SOC 2, ISO frameworks, and GDPR. Features multi-threaded scanning, object-level security analysis, DNS takeover detection, and detailed remediation guidance.

View on GitHub

Features

Security Analysis

Public access detection (ACLs, policies, settings)
Encryption assessment (SSE-S3, SSE-KMS)
Versioning, MFA delete, object lock
CORS configuration analysis
DNS takeover prevention
Object-level sensitive data patterns

Compliance

CIS AWS Foundations v3.0.0 (6 controls)
AWS FSBP (11 controls)
PCI DSS v4.0 (10 rules)
HIPAA Security Rule (7 rules)
SOC 2 Type II (12 controls)
ISO 27001/27017/27018
GDPR (21 controls)

Output

Security score 0-100 per bucket
JSON, CSV, HTML reports
Interactive dashboards with charts
Remediation guidance included

Installation & Usage

PyPI Installation

pip install s3-security-scanner

Docker

docker pull tarekcheikh/s3-security-scanner:latest

Commands

# Security scan all buckets
s3-security-scanner security


# Discover buckets for a target (no creds needed)
s3-security-scanner discover --target "company-name"


# DNS takeover check
s3-security-scanner dns --domain example.com

Security Checks

Public Access Block DisabledCRITICAL

Public Bucket PolicyCRITICAL

Public ACL AccessCRITICAL

No SSL/TLS EnforcementHIGH

No EncryptionHIGH

Public Objects FoundHIGH

No VersioningMEDIUM

Sensitive Objects FoundMEDIUM

No LoggingLOW

Risky CORSLOW

Compliance Frameworks

100%

CIS AWS Foundations v3.0.0

100%

AWS FSBP

100%

PCI DSS v4.0

100%

HIPAA Security Rule

Variable

SOC 2 Type II

7 controls

ISO 27001:2022

21 controls

GDPR

Need Help Implementing?

We can help you deploy and customize this tool for your specific needs, or build custom solutions.