Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AWS bucket with Object listing

By kannthu

Vidoc logoVidoc Module

What is the "AWS bucket with Object listing?" module?

The "AWS bucket with Object listing" module is a test case designed to detect misconfigurations in AWS S3 buckets. It focuses on identifying instances where the bucket's object listing is exposed, potentially leading to unauthorized access to sensitive data. This module has a low severity level.

Author: pdteam


If the module detects a misconfigured AWS S3 bucket with object listing enabled, it indicates a potential security vulnerability. This misconfiguration could allow unauthorized users to view and access the contents of the bucket, potentially exposing sensitive data.

How does the module work?

The "AWS bucket with Object listing" module works by sending HTTP requests to the target AWS S3 bucket and analyzing the responses. It uses specific matching conditions to identify misconfigurations:

- The module checks if the response body contains the "<ListBucketResult xmlns=" string. - It also verifies if the response header includes the "application/xml" content type.

If both conditions are met, the module flags the bucket as potentially misconfigured.

Example HTTP request:

GET / HTTP/1.1

Note: The above example is a simplified representation of an HTTP request and may not include all the headers and parameters used in the actual module.

For more information, refer to the reference.


- max-request: 1

Module preview

Concurrent Requests (0)
Passive global matcher
word: <ListBucketResult xmlns=and
word: application/xml
On match action
Report vulnerability