Scripts to find private buckets
Scripting is a highly sought-after skill when it comes to cybersecurity because having the knowledge and ability to script tasks allows you to automate and provide results at a much more efficient rate while also executing another task. Scripting is also a great way to solve problems that may be unique – in this case, finding buckets that may not have a common name. Buckets can only have one unique name and no bucket is the same, so having a dictionary list of known buckets won't assist you directly. What that means is you'll need to make a modified version of the bucket names and place those in a text file that can be used to discover bucket names.
Now that we have a vast amount of knowledge on S3, let's take a look at a couple of scripts that you could use on your next pentest engagement. We will look at two popular languages: Python and Bash.
Python scripting
Python is a standard programming language in the security...
