Dangerous Amazon AWS Dork

Author: Martin Voelk
February 2, 2016

Google search is probably the most powerful OSINT tool out there. Hackers are very well aware of this and so should Penetration Testers and Ethical Hackers be. Today we feature a very basic Google Dork to find insecure documents on Amazon AWS instances.

As part of the reconnaissance phase of a Penetration test for customers having AWS presences, such dorks are very important to check.

In the Google search bar simply enter:
site:s3.amazonaws.com “keyword” 

The keyword is replaced with various customer specific keywords and of course the dork can be combined with the inurl: parameter as well. Shocking stuff comes back in seconds. We refrain from putting a real example here as it’s just so bad what you get back in a few searches.

Watch your AWS settings and what you publish people!