Amazon & Digital Ocean Buckets

Look for static content in HTML, you can find content hosted on s3 bucket for example and then exploit it


AWS Bucket access (SSRF for example)

# You can get informations and secret about an S3 bucket

# Credentials, main goal
http://169.254.169.254/latest/meta-data/iam/security-credentials/
http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2toS3/

# You might need the zone
http://169.254.169.254/latest/dynamic/instance-identity/document

# Then set 
# AWS_ACCESS_KEY_ID
# AWS_SECRET_ACCESS_KEY
# AWS_DEFAULT_REGION
# AWS_SESSION_TOKEN


Amazon S3 (AWS) Buckets

# Tools like AWSBucketDump can enumerate AWS S3 buckets
https://github.com/jordanpotti/AWSBucketDump


Teh S3 Bucketeers

https://github.com/tomdev/teh_s3_bucketeers/

# You need an AWS account and set your API key in ~/.aws/credentials
[default]
aws_access_key_id = <key>
aws_secret_access_key = <secret>

# Then just run it
./bucketeer.sh <target> <target>


Slurp (https://github.com/0xbharath/slurp)

# Go tool to enumerates S3 buckets manually or via certstream
slurp domain <-t|--target> google.com
slurp keyword <-t|--target> linux,golang,python
slurp certstream


Bucket Stream (https://github.com/eth0izzle/bucket-stream)

# Find interesting Amazon S3 Buckets by watching certificate transparency logs.
# This tool simply listens to various certificate transparency logs (via certstream) 
# and attempts to find public S3 buckets from permutations of the certificates domain name

# Basic
python3 bucket-stream.py

# You can put credentials / API key in confi.yml file and the tool will try to authenticate and identify bucket owners


Space Finder – Digital Ocean (https://github.com/appsecco/spaces-finder)

# Spaces finder is a tool to quickly enumerate DigitalOcean Spaces to look for loot. 
# It's similar to a subdomain bruteforcer but is made specifically for DigitalOcean Spaces
# Use SecLists as wordlists
# If targetting specific company, uses enumall tool to get wordlist

python3 spaces_finder.py -l SpacesNames.txt -g interesting_keywords.txt -D -m 500000 -d 1 -t 5