When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.Related news
- Pentest Tools Free
- What Are Hacking Tools
- Physical Pentest Tools
- Hacker Security Tools
- Pentest Tools Website Vulnerability
- Install Pentest Tools Ubuntu
- Usb Pentest Tools
- Hak5 Tools
- Hacking App
- Hacker Tools Software
- Usb Pentest Tools
- Hacker Tools Github
- Hacker Tools 2019
- Ethical Hacker Tools
- Pentest Tools Alternative
- Ethical Hacker Tools
- Hacker
- What Is Hacking Tools
- Android Hack Tools Github
- Hacking Tools For Windows
- Hacker Tools For Mac
- Hacker Tools Free
- How To Make Hacking Tools
- Growth Hacker Tools
- Hacker Tools Online
- Hacking Tools Mac
- Pentest Tools Alternative
- Hacking Tools 2020
- Hacker Tools Github
- Nsa Hack Tools
- Blackhat Hacker Tools
- Pentest Tools Apk
- Pentest Tools Url Fuzzer
- New Hacker Tools
- Hacker Tools For Pc
- Computer Hacker
- Pentest Recon Tools
- Hacker Tools For Ios
- Hacking Tools Usb
- Hacker Tools
- Hacking Tools 2020
- Top Pentest Tools
- Hacker Tools For Ios
- Pentest Tools Framework
- Hacking Tools Hardware
- Hacker Tools 2020
- Hack Tools For Windows
- Pentest Tools For Windows
- Hacker Tools Apk
- Pentest Tools Free
- Hacker Tools Windows
- Hack Tools For Windows
- Pentest Tools For Ubuntu
- Hacking Tools Hardware
- Hacker Tools List
- Hack App
- Blackhat Hacker Tools
- Hacker Tools Github
- Tools Used For Hacking
- Underground Hacker Sites
- Hack Tools
- Pentest Tools For Android
- Hacker Security Tools
- Pentest Tools Apk
- Hacking Tools For Windows
- Hacker Tools For Mac
- Hack And Tools
- Pentest Tools Subdomain
- Hack Website Online Tool
- Growth Hacker Tools
- World No 1 Hacker Software
- Hacks And Tools
- Hack Tool Apk
- Best Pentesting Tools 2018
- Hacking Tools For Beginners
- Best Hacking Tools 2019
- Underground Hacker Sites
- Hacker Tools List
- Pentest Tools For Ubuntu
- Pentest Tools Windows
- Hacking Tools For Windows
- How To Make Hacking Tools
- What Are Hacking Tools
- Hack Apps
- Hacking Tools Download
- Nsa Hacker Tools
- Hack Tools For Pc
- Hacking App
- Hacker Tools Hardware
- Pentest Tools Android
- Hack Website Online Tool
- Hack Tools For Mac
- Hacker Tools Free
- Hacker Tools Github
- Computer Hacker
- Hacker Tools
- Hacker Tools Free
- Hack Tools For Mac
- Hacker Tools Apk Download
- Pentest Tools Android
- Hacking Tools Usb
- Hacker Tools Free Download
- Pentest Tools Online
- Pentest Tools For Windows
- Hacker Tools Github
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Windows
- Hacking Tools For Kali Linux
- Game Hacking
- Pentest Tools Free
- Pentest Tools Port Scanner
- Hacking Tools For Games
- Hack Tools For Games
- Hacker Tools Hardware
- Hack Rom Tools
- Hacking Tools Usb
- What Is Hacking Tools
- Hack Tools For Windows
- Hacker Tools Apk Download
- Hack Tools
- Pentest Tools Url Fuzzer
- Nsa Hacker Tools
- Nsa Hack Tools
- Pentest Tools Linux
- Hack Tool Apk
- Hacker Tools For Mac
- Hacking Tools Windows 10
- Hacker Hardware Tools
- Hacker Tools 2019
- Github Hacking Tools
- Computer Hacker
- Best Hacking Tools 2020
- Hacking Tools Usb
- Blackhat Hacker Tools
- Pentest Tools Subdomain
- Hacking Tools Name
- Hacking Apps
- Hacking Tools For Beginners
- Pentest Tools Android
- Pentest Tools Free
- Hacking Tools For Windows 7
- Hacking Tools For Kali Linux
- Hacking Tools Mac
- Hacking Tools Github
- Hacker Tools Free Download
- Hack Tools Pc
- Hack Tools 2019
- Hacker Tools Github
- Pentest Tools Nmap
- Pentest Tools For Mac
- Best Hacking Tools 2019
- Hacker Tools Free Download
- Github Hacking Tools
- Hacker Tools Apk Download
- Hacker Tools Software
- Hacking Tools Software
- Hackrf Tools
- Tools For Hacker
- Hack Tools Online
- Hack Tools
- Hacker Tools Apk Download
- Underground Hacker Sites
- Hacking Tools Free Download
- Hacker Tools Apk Download
- Easy Hack Tools
- Hacking Tools 2019
- Pentest Tools List
- Nsa Hack Tools
- Hack Tools 2019
- Hacker Tools 2019
- Beginner Hacker Tools
- Hacking Tools Github
No comments:
Post a Comment