Overview of S3 Buckets

S3 buckets are used by customers and end users to store text documents, PDFs, videos, images, etc. To store all these data, the user needs to create a bucket with a unique name.

Listed below are several techniques that can be adopted to identify AWS S3 Buckets:

• Inspecting HTML: Analyze the source code of HTML web pages in the background to find URLs to the target S3 buckets
• Brute-Forcing URL: Use Burp Suite to perform a brute-force attack on the target bucket’s URL to identify its correct URL
• Finding subdomains: Use tools such as Findsubdomains and Robtex to identify subdomains related to the target bucket
• Reverse IP Search: Use search engines such as Bing to perform reverse IP search to identify the domains of the target S3 buckets
• Advanced Google hacking: Use advanced Google search operators such as “inurl” to search for URLs related to the target S3 buckets

It will ask for the following details:

• AWS Access Key ID
• AWS Secret Access Key
• Default region name
• Default output format