Address Greptile review feedback on AWS and deserialization skills

- Use head-bucket for S3 existence checks instead of duplicating s3 ls
- Add Node.js to insecure_deserialization frontmatter description
This commit is contained in:
Ayush7614
2026-07-02 00:38:03 +05:30
parent 100f561e91
commit ff5b96ea40
2 changed files with 4 additions and 4 deletions
+3 -3
View File
@@ -41,11 +41,11 @@ AWS misconfigurations frequently expose credentials, data, and lateral movement
**Unauthenticated Enumeration**
```
# S3 bucket existence (403 vs 404 reveals existence)
aws s3 ls s3://target-bucket --no-sign-request
# S3 bucket existence (403 = exists but private, 404 = doesn't exist or different region)
aws s3api head-bucket --bucket target-bucket --no-sign-request 2>&1
curl -I https://target-bucket.s3.amazonaws.com/
# Public listing
# Public listing (confirms s3:ListBucket is granted to AllUsers)
aws s3 ls s3://target-bucket --no-sign-request
```
@@ -1,6 +1,6 @@
---
name: insecure_deserialization
description: Insecure deserialization testing for Java, Python, PHP, .NET, and Ruby covering gadget chains, type confusion, and safe validation
description: Insecure deserialization testing for Java, Python, PHP, .NET, Ruby, and Node.js covering gadget chains, type confusion, and safe validation
---
# Insecure Deserialization