id: aws-s3-bucket-enum info: name: AWS S3 Buckets - Cloud Enumeration author: initstring severity: info description: | Searches for open and protected buckets in AWS S3 metadata: verified: true max-request: 1 tags: cloud,cloud-enum,aws self-contained: true variables: BaseDNS: "s3.amazonaws.com" http: - raw: - | GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1 Host: {{wordlist}}.{{BaseDNS}} redirects: false attack: batteringram threads: 10 matchers-condition: or matchers: - type: status name: "Open AWS S3 Bucket" status: - 200 - type: status name: "Protected AWS S3 Bucket" status: - 403