hacktricks-cloud/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-sqs-unauthenticated-enum.md

AWS - SQS Unauthenticated Enum

{{#include ../../../banners/hacktricks-training.md}}

SQS

For more information about SQS check:

{{#ref}} ../aws-services/aws-sqs-and-sns-enum.md {{#endref}}

Public URL template

https://sqs.[region].amazonaws.com/[account-id]/{user_provided}

Check Permissions

It's possible to misconfigure a SQS queue policy and grant permissions to everyone in AWS to send and receive messages, so if you get the ARN of queues try if you can access them.

{{#include ../../../banners/hacktricks-training.md}}