Attack

Enumerating public s3 buckets

  • To enumerate public S3 buckets in the account we will use a Open Source tool slurp. The Go binary built from github and is present in the current repo.
chmod +x slurp

Before running slurp, ensure that you have the AWS_PROFILE variable exported

Execute slurp with the following command to find Public S3 buckets,

./slurp internal

Bucket finder output