Adding some S3 enumeration

Now let's say that we want to enumerate what S3 buckets exist in the account and what files are in those buckets. Currently, our test IAM user does not have S3 permissions, so I have gone ahead and directly attached the AWS-managed policy AmazonS3ReadOnlyAccess to our user. If you need help doing so for your own user, refer to Chapter 9, Identity Access Management on AWS.

We will add the following code to the bottom of the existing script that we have already created. First, we will want to figure out what S3 buckets are in the account, so we will need a new boto3 client set up to target S3:

client = session.client('s3') 

Then we will use the list_buckets method to retrieve a list of S3 buckets in the account. Note ...

Get Hands-On AWS Penetration Testing with Kali Linux now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.