Day 16: s3 Monster (gotta get ’em all)

You found an S3 bucket that’s open, you get the XML listing but wanna eat ’em all? Look no further, download all the files with s3-monster.py!

[Image: S3 bucket listing]

For those who have not seen these on pentests or around the net, these are S3 bucket listings. Notice that it's an XML document with meta info, like name, last modified and the key!
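The listing format described above, parsed offline from a constructed sample so a bucket owner can see how much an anonymous listing gives away. This is an added example, not the s3-monster.py from this post; the bucket name, keys and the summarise_exposure helper are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an anonymous bucket listing (not real data).
SAMPLE_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-bucket</Name>
  <IsTruncated>true</IsTruncated>
  <Contents>
    <Key>img/logo.png</Key>
    <LastModified>2019-01-10T09:12:44.000Z</LastModified>
    <Size>5120</Size>
  </Contents>
  <Contents>
    <Key>backups/db-2019-01.sql.gz</Key>
    <LastModified>2019-01-12T02:00:01.000Z</LastModified>
    <Size>48211934</Size>
  </Contents>
  <Contents>
    <Key>deploy/.env</Key>
    <LastModified>2019-01-15T17:30:00.000Z</LastModified>
    <Size>412</Size>
  </Contents>
</ListBucketResult>"""

# S3 listings are namespaced; lookups without the namespace return nothing.
NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

def parse_listing(xml_text):
    """Return (bucket_name, truncated, objects) from a ListBucketResult document."""
    root = ET.fromstring(xml_text)
    name = root.findtext("s3:Name", default="", namespaces=NS)
    # IsTruncated=true means this page is only part of what the bucket exposes.
    truncated = root.findtext("s3:IsTruncated", default="false", namespaces=NS) == "true"
    objects = [{
        "key": item.findtext("s3:Key", namespaces=NS),
        "last_modified": item.findtext("s3:LastModified", namespaces=NS),
        "size": int(item.findtext("s3:Size", default="0", namespaces=NS)),
    } for item in root.findall("s3:Contents", NS)]
    return name, truncated, objects

def summarise_exposure(objects):
    """Hypothetical helper: object count, total bytes and newest timestamp listed."""
    newest = max((o["last_modified"] for o in objects), default=None)
    return {"count": len(objects), "bytes": sum(o["size"] for o in objects), "newest": newest}

if __name__ == "__main__":
    bucket, truncated, objs = parse_listing(SAMPLE_LISTING)
    print(bucket, "truncated:", truncated, summarise_exposure(objs))
```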

To download files you only need the key and the bucket URL. We assume you already have the bucket URL; there are many ways to find these, including tools that will also download the files, but here we want to do it ourselves to learn. We will also drop this into WEBPWN to exfiltrate from any exposed S3 buckets for deeper recon/treasure hunting without the big project codes.

The code is pretty easy to understand with comments but if you have any issues, hit me up on Twitter, @int0x33.

s3-monster.py