AWS bucket with Object listing

By kannthu

Low
Vidoc Module
#aws #misconfig #bucket
Description

What is the "AWS bucket with Object listing" module?

The "AWS bucket with Object listing" module is a test case designed to detect misconfigurations in AWS S3 buckets. It focuses on identifying instances where the bucket's object listing is exposed, potentially leading to unauthorized access to sensitive data. This module has a low severity level.

Author: pdteam

Impact

If the module detects a misconfigured AWS S3 bucket with object listing enabled, it indicates a potential security vulnerability. This misconfiguration could allow unauthorized users to view and access the contents of the bucket, potentially exposing sensitive data.

How does the module work?

The "AWS bucket with Object listing" module works by sending HTTP requests to the target AWS S3 bucket and analyzing the responses. It uses specific matching conditions to identify misconfigurations:

- The module checks if the response body contains the "<ListBucketResult xmlns=" string.
- It also verifies if the response header includes the "application/xml" content type.

If both conditions are met, the module flags the bucket as potentially misconfigured.

Example HTTP request:

GET / HTTP/1.1
Host: example-bucket.s3.amazonaws.com

Note: The above example is a simplified representation of an HTTP request and may not include all the headers and parameters used in the actual module.
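The two matching conditions can be evaluated offline against captured responses when auditing your own buckets. The following is an added example, not the module's own code: the function names and the sample responses are constructed for illustration, and the key extraction goes one step beyond the module's check to show what a flagged response actually reveals.

```python
import re

BODY_MARKER = "<ListBucketResult xmlns="   # body matcher described above
CTYPE_MARKER = "application/xml"           # header matcher described above

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body

def listing_exposed(raw):
    """True only when BOTH conditions hold (the matchers are ANDed)."""
    _, headers, body = parse_response(raw)
    ctype = headers.get("content-type", "").lower()
    return BODY_MARKER in body and CTYPE_MARKER in ctype

def exposed_keys(raw):
    """Object keys revealed by a flagged response, for triage."""
    if not listing_exposed(raw):
        return []
    _, _, body = parse_response(raw)
    # Regex extraction avoids running an XML parser on untrusted input.
    return re.findall(r"<Key>([^<]*)</Key>", body)

# Constructed sample responses (not real bucket output).
LISTING = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/xml\r\n\r\n"
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
    "<Name>example-bucket</Name>"
    "<Contents><Key>backup/db.sql</Key></Contents>"
    "<Contents><Key>logs/app.log</Key></Contents>"
    "</ListBucketResult>"
)
DENIED = (  # XML content type, but no listing: must not be flagged
    "HTTP/1.1 403 Forbidden\r\nContent-Type: application/xml\r\n\r\n"
    "<Error><Code>AccessDenied</Code></Error>"
)
HTML_MENTION = (  # marker text inside an HTML page: must not be flagged
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    '<html><pre><ListBucketResult xmlns="..."></pre></html>'
)

if __name__ == "__main__":
    for name, raw in [("listing", LISTING), ("denied", DENIED), ("html", HTML_MENTION)]:
        print(name, listing_exposed(raw), exposed_keys(raw))
```

Requiring both conditions is what keeps an AccessDenied XML error or a documentation page that merely quotes the marker from being reported.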

For more information, refer to the reference.

Metadata:

- max-request: 1

Module preview

- Concurrent Requests (0)
- Passive global matcher:
  - word: <ListBucketResult xmlns=
  - and word: application/xml
- On match action: Report vulnerability