<h1 id="heading-aws">AWS</h1>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1675838108739/9b145b08-f85f-4ff7-b51c-73c8281e4655.png" alt class="image--center mx-auto" /></p>
<h2 id="heading-s3">S3</h2>
<ul>
<li>Determine if a site is hosted as an S3 bucket. Whatever IP is returned will redirect you to AWS S3 landing page.</li>
</ul>
<pre><code class="lang-bash">dig +nocmd &lt;domain name&gt; any +multiline +noall +answer
</code></pre>
<ul>
<li>A reverse lookup shows what region the S3 bucket is hosted in.</li>
</ul>
<pre><code class="lang-bash">nslookup &lt;IP&gt;
<span class="hljs-comment"># Returns:</span>
<span class="hljs-comment"># Non-authoritative answer:</span>
<span class="hljs-comment"># IP.in-addr.arpa     name = s3-website-us-west-2.amazonaws.com</span>
</code></pre>
<ul>
<li>To list the contents of an S3 bucket, you can use the following CLI command. If the bucket is misconfigured it will list its contents. Alternatively, you can visit a URL crafted as: `<a target="_blank" href="http://flaws.cloud.s3.amazonaws.com/">http://&lt;domain name&gt;<a href="http://.s3.amazonaws.com/" class="autolinkedURL autolinkedURL-url" target="_blank">.s3.amazonaws.com</a></a>`</li>
</ul>
<pre><code class="lang-bash">aws s3 ls  s3://&lt;bucket name&gt;/ --no-sign-request --region &lt;region&gt;
</code></pre>


# AWS

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1675838108739/9b145b08-f85f-4ff7-b51c-73c8281e4655.png align="center")

## S3

* Determine if a site is hosted as an S3 bucket. Whatever IP is returned will redirect you to AWS S3 landing page.
    

```bash
dig +nocmd <domain name> any +multiline +noall +answer
```

* A reverse lookup shows what region the S3 bucket is hosted in.
    

```bash
nslookup <IP>
# Returns:
# Non-authoritative answer:
# IP.in-addr.arpa     name = s3-website-us-west-2.amazonaws.com
```

* To list the contents of an S3 bucket, you can use the following CLI command. If the bucket is misconfigured it will list its contents. Alternatively, you can visit a URL crafted as: \`[http://&lt;domain name&gt;.s3.amazonaws.com/](http://flaws.cloud.s3.amazonaws.com/)\`
    

```bash
aws s3 ls  s3://<bucket name>/ --no-sign-request --region <region>
```

Tadi Hecks

Tadi Hecks

Enumerating The Cloud

Table of contents

AWS

S3

Enumerating The Cloud

.css-nhzlhj{margin-right:1.25rem;height:1.25rem;width:1.25rem;fill:currentColor;opacity:0.5;}.css-ria9xh{margin-right:1.25rem;height:1.25rem;width:1.25rem;fill:currentColor;opacity:0.5;}Table of contents

AWS

S3

Table of contents