id: aws-s3-bucket-enum

info:
  name: AWS S3 Buckets - Cloud Enumeration
  author: initstring
  severity: info
  description: |
    Searches for open and protected buckets in AWS S3
  metadata:
    verified: true
    max-request: 1
  tags: cloud,enum,cloud-enum,aws

self-contained: true

variables:
  BaseDNS: "s3.amazonaws.com"

http:
  - raw:
      - |
        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
        Host: {{wordlist}}.{{BaseDNS}}

    redirects: false

    attack: batteringram
    threads: 10

    matchers-condition: or
    matchers:
      - type: status
        name: "Open AWS S3 Bucket"
        status:
          - 200

      - type: status
        name: "Protected AWS S3 Bucket"
        status:
          - 403
# digest: 490a00463044022042762e76cd970a173e2b6ebcdb6b5eb7a50dee876ca17dc086869e49cb7a0918022074319bef7221719f2a0af22f125dfe951d2bd8caa49399e5e9d0e703a7eac74e:922c64590222798bb761d5b6d8e72950