Configuration Reference
Complete reference for all s3finder flags and environment variables.
Command-Line Flags
Input Options
| Flag | Short | Default | Description |
|---|---|---|---|
--seed | -s | Target keyword for bucket name generation (permuted) | |
--domain | -d | Target domain for CT log subdomain discovery (as-is) | |
--ct-limit | 100 | Maximum subdomains to fetch from CT logs | |
--wordlist | -w | Path to wordlist file (raw) |
Performance Options
| Flag | Short | Default | Description |
|---|---|---|---|
--threads | -t | 50 | Number of concurrent workers |
--rps | 150 | Maximum requests per second | |
--timeout | 15 | Request timeout in seconds | |
--deep | true | Perform deep inspection on found buckets |
AI Options
| Flag | Short | Default | Description |
|---|---|---|---|
--ai | false | Enable AI-powered name generation | |
--ai-provider | openai | AI provider: openai, ollama, anthropic, gemini | |
--ai-model | gpt-4o-mini | AI model name | |
--ai-key | API key (or use environment variables) | ||
--ai-url | Base URL for custom endpoints or proxies | ||
--ai-count | 50 | Number of AI-generated names |
Output Options
| Flag | Short | Default | Description |
|---|---|---|---|
--output | -o | results.json | Output file path |
--format | -f | json | Output format: json, txt |
--no-color | false | Disable colored output | |
--verbose | -v | false | Verbose output |
Environment Variables
| Variable | Description |
|---|---|
OPENAI_API_KEY | OpenAI API key for AI generation |
ANTHROPIC_API_KEY | Anthropic API key for Claude |
GEMINI_API_KEY | Google Gemini API key |
HTTP Client Configuration
The internal HTTP client is optimized for high-throughput scanning:
| Setting | Value | Description |
|---|---|---|
| MaxIdleConns | 1000 | Maximum idle connections |
| MaxIdleConnsPerHost | 100 | Max idle connections per host |
| MaxConnsPerHost | 100 | Max connections per host |
| IdleConnTimeout | 30s | Idle connection timeout |
| TLSHandshakeTimeout | 5s | TLS handshake timeout |
Rate Limiting
s3finder uses an adaptive AIMD rate limiter:
- Ceiling: User-defined via
--rpsflag - Floor: 10 RPS minimum
- Decrease: Halves RPS after 3 consecutive 429/503 responses
- Increase: +10% RPS every 100 successful requests
Permutation Patterns
The permutation engine generates variations using these patterns:
Suffixes
text
-dev, -prod, -staging, -backup, -backups, -logs, -assets, -internal, -public, -private, -data, -files, -media, -static, -cdn, -api, -web, -app, -test, -temp, -archive, -old, -new, -v2, -betaPrefixes
text
dev-, prod-, staging-, backup-, test-, internal-, public-, private-, temp-, old-Years
text
-2022, -2023, -2024, -2025, -22, -23, -24, -25Regions
text
-us-east-1, -us-east-2, -us-west-1, -us-west-2, -eu-west-1, -eu-west-2, -eu-central-1, -ap-south-1, -ap-northeast-1, -ap-southeast-1S3 Bucket Naming Rules
s3finder validates all generated names against AWS S3 bucket naming rules:
- Length: 3-63 characters
- Lowercase letters, numbers, hyphens, and dots only
- Must start and end with a letter or number
- No consecutive periods
- Cannot be formatted as an IP address