id: aws-s3-bucket-enum

info:
  name: AWS S3 Buckets - Cloud Enumeration
  author: initstring
  severity: info
  description: |
    Searches for open and protected buckets in AWS S3
  metadata:
    verified: true
    max-request: 1
  tags: cloud,enum,cloud-enum,aws

self-contained: true

variables:
  BaseDNS: "s3.amazonaws.com"

http:
  - raw:
      - |
        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
        Host: {{wordlist}}.{{BaseDNS}}

    redirects: false

    attack: batteringram
    threads: 10

    matchers-condition: or
    matchers:
      - type: status
        name: "Open AWS S3 Bucket"
        status:
          - 200

      - type: status
        name: "Protected AWS S3 Bucket"
        status:
          - 403
# digest: 4b0a00483046022100c0cbb1d95cb9a7d7b9bd7a4bf578af739426ab59afa3faa001104c29c4ff999e022100cdfc9930e3c0ae01086792f1391ff33c22070722d3bd874d1e3f87f31c938a17:922c64590222798bb761d5b6d8e72950