Public access buckets have open read access to all who can access the bucket. So, a user would need to know the URL of an object for access to it, but the only other restriction is the IP whitelist on the bucket. In this case they would not need to use any special tools for access a file in a public bucket. A simple curl or browser request would be able to access any file in the bucket. So, for example if you bucket is called anonymous, and you have a file called x.txt then the following command would work to access it:
You should note that IP whitelisting still apply though to this access. Please also be aware that, S3 is case sensitive so the case of the filenames etc matters.
Note, this only provides read access. It does not provide list, write or delete access to objects. If you go through the S3 REST interface - to do those commands/actions then you would still need key validation (and the usual S3 permissions) for access to the bucket.