When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.Related articles
- Underground Hacker Sites
- Hack Apps
- Hacker Tools Windows
- Hacker Tools Linux
- Easy Hack Tools
- Hacking Tools Hardware
- New Hacker Tools
- Hacker Tools Apk
- Hack Tools 2019
- Pentest Tools Review
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Windows
- Physical Pentest Tools
- New Hacker Tools
- Game Hacking
- Pentest Tools For Android
- Hackrf Tools
- Pentest Tools For Windows
- Pentest Tools Android
- What Is Hacking Tools
- Hack Rom Tools
- Computer Hacker
- Hacking Tools For Games
- Growth Hacker Tools
- Hacking Tools For Kali Linux
- Hacking Tools Usb
- Pentest Tools Website
- Hacker Tool Kit
- Pentest Box Tools Download
- Hacker Tools Github
- How To Make Hacking Tools
- Hacker Tools 2020
- How To Hack
- Hacking Tools Usb
- New Hacker Tools
- Computer Hacker
- Pentest Reporting Tools
- Hack Tools Download
- Hack Tools For Mac
- Hak5 Tools
- Bluetooth Hacking Tools Kali
- Hacking Tools For Beginners
- Pentest Tools Free
- Growth Hacker Tools
- Hacking Tools For Windows 7
- Hacking Tools For Windows 7
- Hacking Tools Pc
- Physical Pentest Tools
- Hack Tools Online
- What Is Hacking Tools
- Computer Hacker
- Hack Tools Download
- Pentest Recon Tools
- Hack Tools Online
- Hacking Tools Name
- Hak5 Tools
- Hacking Tools For Windows
- How To Make Hacking Tools
- Hacking Apps
- Hacker Tools Free Download
- Pentest Tools For Ubuntu
- Hack Tools For Ubuntu
- Install Pentest Tools Ubuntu
- Hacking Tools Pc
- Bluetooth Hacking Tools Kali
- Nsa Hack Tools
- Hacker Tools Windows
- Hacking Tools For Kali Linux
- Hacker Security Tools
- Pentest Tools Website
- Hacker Tools
- Pentest Tools For Ubuntu
- Usb Pentest Tools
- Hacker Tools Free Download
- Hacking Tools For Beginners
- Hacking Tools Github
- Pentest Tools Website
- Hacking Tools For Mac
- Hacker Tools Free Download
- What Is Hacking Tools
- Hacker Tool Kit
- What Is Hacking Tools
- Pentest Tools Subdomain
- New Hack Tools
- Hacker Tools Github
- What Is Hacking Tools
- Hacking Tools For Kali Linux
- Hacking Tools Hardware
- Hacking Tools For Pc
- Pentest Recon Tools
- Hackers Toolbox
