I've been playing around with https://github.com/eth0izzle/bucket-stream for a while.
Providing AWS keys and performing authenticated requests is strongly recommended, but I can't imagine Amazon would be very happy with someone making bulk requests to find open S3 buckets.
Does anybody here have experience with that? Do they ToS people for that or do they just not care?
@r000t They really don't seem to care. They don't care about SHODAN hammering them, and they don't do anything about open buckets until they hit the front page of some newspaper.
Like just about everyone else, they seem to treat scanning as background radiation.
A Mastodon instance for info/cyber security-minded people.