Finding S3 Buckets by accident….
Finding Random S3 Buckets… with bad permissions the lazy way…
Ok so for those who have a nice full burp pro license here is an easy way to find s3 buckets with out browsing any websites.
Cloud Storage Tester
Install it and then get the settings sorted!
ok so once you have put your keys in from https://www.amazonaws.com you are nearly ready to go.
Time to install adblock plus… i can see you are thinking why the feck am i installing this adblocker!?!?!
well the answer is simple! because it has a massive list of domains inside it’s updates!
so after leaving burp alone with firefox and adblock i get this….
Now the ones you really really want are the ones that have the following….
the plugin uploads a blank file called text.txt to the bucket as part of it’s testing so this helps you confirm it’s vulnerable to public uploads.
Now to upload a file yourself as part of a POC for a bounty it’s simple.
Fire up a shell and type in
once installed type in aws configure and put in your details.
create a file called poc.txt and then put in your details.
aws s3 poc.txt s3://bucketname — acl public-read
and there we go!
this is a random bucket they do not have a bounty program!!
Catch me on twitter if you have any questions @random_robbie.
Remember for some bug bounty scans already done https://bugbounty.xsses.rocks