Get full access to Hands-On AWS Penetration Testing with Kali Linux and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Start your free trial

Adding some S3 enumeration

Now let's say that we want to enumerate what S3 buckets exist in the account and what files are in those buckets. Currently, our test IAM user does not have S3 permissions, so I have gone ahead and directly attached the AWS-managed policy AmazonS3ReadOnlyAccess to our user. If you need help doing so for your own user, refer to Chapter 9, Identity Access Management on AWS.

We will add the following code to the bottom of the existing script that we have already created. First, we will want to figure out what S3 buckets are in the account, so we will need a new boto3 client set up to target S3:

client = session.client('s3')

Then we will use the list_buckets method to retrieve a list of S3 buckets in the account. Note ...

Get Hands-On AWS Penetration Testing with Kali Linux now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now