Enumerate Storage Buckets
Tools
- Cloud Enum.
- AWS CLI (see the AWS CLI documentation):
    sudo apt install awscli
Process
- To enumerate public resources in AWS, Azure and Google Cloud, search for part of the name:
    cloud_enum -k app_name
- If an S3 bucket is found:
  - Create a profile (you will then be prompted for the AWS Access Key ID and AWS Secret Access Key):
      aws configure --profile profile_name
  - Access the bucket with the desired profile:
      aws s3 ls s3://injuredandroid --profile profile_name
  - If the bucket was accessible with the key ID and access key found in the source code, the leaked credentials can be reported in a Bug Bounty program.
- Check Awseye.
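
The bucket access step above depends on an AWS key ID and secret having been left in an application's source code. As an added example (not part of the original page), this Python script scans a source or decompiled tree for strings shaped like AWS credentials so they can be caught before release. The function names, the three-line window and the sample file are assumptions, and the sample credentials are the non-working placeholders from AWS's documentation.

```python
import os
import re

# Access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary) + 16 more.
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-alphabet characters. That shape is common
# (hashes, tokens), so it is only used to raise confidence near a key ID.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def mask(value, keep=4):
    """Keep the prefix and hide the rest so reports do not re-leak the key."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_text(text, window=3):
    """Return one finding per key ID, flagging a secret-shaped string within `window` lines."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in KEY_ID_RE.finditer(line):
            secret = any(SECRET_RE.search(l) for l in lines[max(0, i - window): i + window + 1])
            findings.append({"line": i + 1, "key_id": mask(m.group(0)), "secret_nearby": secret})
    return findings

def scan_tree(root):
    """Scan every readable file under `root`; returns {path: findings}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue
            if hits:
                results[path] = hits
    return results

# Constructed sample: a resource file as it might ship in an app, using the
# non-working placeholder credentials from AWS's own documentation.
SAMPLE = """<resources>
    <string name="AWS_ID">AKIAIOSFODNN7EXAMPLE</string>
    <string name="AWS_SECRET">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>
</resources>"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

A finding with secret_nearby set to True means a usable credential pair is probably embedded: rotate the key and move it out of the shipped code.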