Lab Assignment 15

Ceh lab

Uploaded by

personrandomgoku

Lab Assignment Number: 15
Lab Assignment Name: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
Screenshots (Paste at least 5 screenshots here):
1. Enumerate S3 buckets using lazys3 as follows:
2. Enumerate S3 buckets using S3Scanner as follows:
Lab Observations/Information Gathered:
1. Enumerate S3 Buckets using lazys3
lazys3 is a Ruby script that brute-forces AWS S3 bucket names using different permutations. The tool finds publicly accessible S3 buckets and also lets you search for the S3 buckets of a specific company by entering the company name.
A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
If a Question pop-up window appears asking you to update the machine, click No to close the window.
In the [sudo] password for attacker field, type toor as the password and press Enter.
The password that you type will not be visible.
Now, type cd and press Enter to jump to the root directory.
In the terminal window, type cd lazys3 and press Enter to navigate to the cloned repository.
We have already downloaded the lazys3 tool in the lab setup.
In the lazys3 folder, type ls and press Enter to list the folder content.
The folder content is displayed; here, we will run the lazys3.rb script to find the public S3 buckets.
Now, type ruby lazys3.rb and press Enter.
A list of public S3 buckets is displayed.
You can search for the S3 buckets of a specific company. To do so, type ruby lazys3.rb [Company] and press Enter.
Here, the target company name is HackerOne; you can enter the company name of your choice.
The result appears, showing the obtained list of S3 buckets of the specified company.
It will take some time to obtain a complete list of the available S3 buckets.

2. Enumerate S3 Buckets using S3Scanner


S3Scanner is a tool that finds the open S3 buckets and dumps their contents. It takes a list of
bucket names to check as its input. The S3 buckets that are found are output to a file. The tool
also dumps or lists the contents of “open” buckets locally.
Here, we will use the S3Scanner tool to enumerate open S3 buckets.
Type cd S3Scanner and press Enter to navigate to the cloned repository.
By default, the tool is cloned to the root directory.
In the S3Scanner folder, type pip3 install -r requirements.txt and press Enter to install the required dependencies.
After the successful installation of the dependencies, in the terminal window, type python3 ./s3scanner.py sites.txt and press Enter to run the tool.
Here, sites.txt is a text file containing the target website URL that is scanned for open S3
buckets. You can edit the sites.txt file to enter the target website URL of your choice.
The result appears, displaying a list of public S3 buckets, as shown in the screenshot.
You might encounter the following error: “AWS credentials not configured.” Ignore the error, as
we will install and configure the AWS CLI in the next lab.
Apart from the aforementioned command, you can use the S3Scanner tool to perform the
following functions:
• Dump all open buckets and log both open and closed buckets in found.txt:
  python3 ./s3scanner.py --include-closed --out-file found.txt --dump names.txt
• Just log open buckets in the default output file (buckets.txt):
  python3 ./s3scanner.py names.txt
• Save the file listings of all open buckets to a file:
  python3 ./s3scanner.py --list names.txt
This concludes the demonstration of enumerating S3 buckets using the S3Scanner tool.
You can also use other S3 bucket enumeration tools such as S3Inspector (https://github.com), s3-buckets-bruteforcer (https://github.com), Mass3 (https://github.com), Bucket Finder (https://digi.ninja), and s3recon (https://github.com) to perform S3 bucket enumeration for a target website or company.
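
To check your own buckets for the "open" condition that S3Scanner reports, the following added example (not part of the original lab or of S3Scanner) classifies a bucket ACL and policy offline. It assumes the JSON shape returned by aws s3api get-bucket-acl and the decoded Policy document from aws s3api get-bucket-policy; the function names and sample data are constructed for illustration.

```python
import fnmatch

# Added example. These URIs are the predefined S3 ACL groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
READ_ACTIONS = ("s3:ListBucket", "s3:GetObject")  # list or read by a stranger

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def public_exposure(acl, policy=None):
    """Return sorted findings for one bucket's ACL and optional policy document."""
    findings = set()
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        # READ on a bucket ACL allows listing; FULL_CONTROL includes READ.
        if who and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.add(f"ACL: {who} can list objects")
    for stmt in as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        for action in READ_ACTIONS:
            # Policy actions are case-insensitive and may use wildcards (s3:*, s3:Get*).
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                note = " (conditional)" if "Condition" in stmt else ""
                findings.add(f"policy: anyone can {action}{note}")
    return sorted(findings)

# Constructed samples; the owner ID and bucket name are placeholders.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"}
ALL_USERS = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}
OPEN_ACL = {"Grants": [OWNER, ALL_USERS]}
PRIVATE_ACL = {"Grants": [OWNER]}
WILDCARD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:Get*",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print(public_exposure(OPEN_ACL))
    print(public_exposure(PRIVATE_ACL, WILDCARD_POLICY))
```

The function reads only the ACL and the policy; S3 Block Public Access settings on the bucket or account can override what these grants allow, so check them as well.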

Lab Assignment Submission Template