diff --git a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md
index 28c7b1673d..df673ef1eb 100644
--- a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md
+++ b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum.md
@@ -26,6 +26,7 @@ Different methods to find when a webpage is using AWS to storage some resources:
   ```
 
 - Check for **CNAMES** as `resources.domain.com` might have the CNAME `bucket.s3.amazonaws.com`
+- **[s3dns](https://github.com/olizimmermann/s3dns)** – A lightweight DNS server that passively identifies cloud storage buckets (S3, GCP, Azure) by analyzing DNS traffic. It detects CNAMEs, follows resolution chains, and matches bucket patterns, offering a quiet alternative to brute-force or API-based discovery. Perfect for recon and OSINT workflows.
 - Check [https://buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/), a web with already **discovered open buckets**.
 - The **bucket name** and the **bucket domain name** needs to be **the same.**
   - **flaws.cloud** is in **IP** 52.92.181.107 and if you go there it redirects you to [https://aws.amazon.com/s3/](https://aws.amazon.com/s3/). Also, `dig -x 52.92.181.107` gives `s3-website-us-west-2.amazonaws.com`.
@@ -101,6 +102,8 @@ Check that the resolved domain have the word "website".\
 You can access the static website going to: `flaws.cloud.s3-website-us-west-2.amazonaws.com`\
 or you can access the bucket visiting: `flaws.cloud.s3-us-west-2.amazonaws.com`
 
+
+
 #### By Trying
 
 If you try to access a bucket, but in the **domain name you specify another region** (for example the bucket is in `bucket.s3.amazonaws.com` but you try to access `bucket.s3-website-us-west-2.amazonaws.com`, then you will be **indicated to the correct location**: