Amazon & Digital Ocean Buckets

Look for static content in HTML, you can find content hosted on s3 bucket for example and then exploit it

AWS Bucket access (SSRF for example)

# You can get informations and secret about an S3 bucket

# Credentials, main goal

# You might need the zone

# Then set 

Amazon S3 (AWS) Buckets

# Tools like AWSBucketDump can enumerate AWS S3 buckets

Teh S3 Bucketeers

# You need an AWS account and set your API key in ~/.aws/credentials
aws_access_key_id = <key>
aws_secret_access_key = <secret>

# Then just run it
./ <target> <target>

Slurp (

# Go tool to enumerates S3 buckets manually or via certstream
slurp domain <-t|--target>
slurp keyword <-t|--target> linux,golang,python
slurp certstream

Bucket Stream (

# Find interesting Amazon S3 Buckets by watching certificate transparency logs.
# This tool simply listens to various certificate transparency logs (via certstream) 
# and attempts to find public S3 buckets from permutations of the certificates domain name

# Basic

# You can put credentials / API key in confi.yml file and the tool will try to authenticate and identify bucket owners

Space Finder – Digital Ocean (

# Spaces finder is a tool to quickly enumerate DigitalOcean Spaces to look for loot. 
# It's similar to a subdomain bruteforcer but is made specifically for DigitalOcean Spaces
# Use SecLists as wordlists
# If targetting specific company, uses enumall tool to get wordlist

python3 -l SpacesNames.txt -g interesting_keywords.txt -D -m 500000 -d 1 -t 5