I've been playing around with for a while.

Providing AWS keys and performing authenticated requests is strongly recommended, but I can't imagine Amazon would be very happy with someone making bulk requests to find open S3 buckets.

Does anybody here have experience with that? Do they ToS people for that or do they just not care?

@r000t They really don't seem to care. They don't care about SHODAN hammering them, and they don't do anything about open buckets until they hit the front page of some newspaper.

Like just about everyone else, they seem to treat scanning as background radiation.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.