I endorse nothing you’ll do with these tools, use them at your own risks.

---

Buckets

A bucket contains various types of data such as public files (static assets), but sometimes it’s used to store sensitive infos (logs, passwords…). Permissions are critical with buckets, it can leverage an attacker to abuse unauthenticated access or improper ACL permissions. An open upload policy could let an attacker upload a malicious file, such as a custom payload.

A practical example of public assets: Researcher discovers classified Army intel app, data on open public AWS bucket

As you probably guess it, not everyone applies security measures, and permissions are critical.

The two main bucket providers are AWS S3 & Azure Blob.

Online tools

Grayhatwarfare

Need a free account for extended search.

• https://buckets.grayhatwarfare.com

Osint.sh

• https://osint.sh/buckets

Dorking

Dorking is also a payout method.

site:s3.amazonaws.com AND intext:"password"
inurl:s3.amazonaws.com AND accounts

Wayback machine

If you have a target, you can try to enum modifications from archiving sources.

Metasploit module:

enum_wayback module

Web Archive:

• https://web.archive.org/

Archive:

• https://archive.vn/
• https://archive.md/
• https://archive.ph/

AWS CLI (basics)

List files

aws s3 ls s3://bucket.name

Download Files

aws s3 cp s3://bucket.name

Upload Files

aws s3 cp/mv file.txt s3://bucket.name

Remove Files

aws s3 rm s3://bucket.name/file.txt

CLI tool

• https://github.com/initstring/cloud_enum

Test your skills!

• http://flaws.cloud