When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and this has allowed the exposure of sensitive material.
This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
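For bucket owners, the same list and write exposure can be read from the bucket's own ACL. The following is an added example, not part of goGetBucket: it parses an S3 AccessControlPolicy XML document and reports grants made to the AllUsers and AuthenticatedUsers groups. The names AuditACL, Exposure and sampleACL are hypothetical, and the sample document is constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// groupPrefix is the URI prefix S3 uses for its predefined grantee groups.
const groupPrefix = "http://acs.amazonaws.com/groups/global/"

// acl mirrors the parts of S3's AccessControlPolicy XML needed here.
type acl struct {
	Grants []struct {
		URI        string `xml:"Grantee>URI"`
		Permission string `xml:"Permission"`
	} `xml:"AccessControlList>Grant"`
}

// Exposure records what a broad (non-owner) group may do on the bucket.
type Exposure struct{ List, Write, ACLWrite bool }

// AuditACL reports grants to AllUsers or AuthenticatedUsers in an ACL document.
func AuditACL(doc string) (Exposure, error) {
	var a acl
	var e Exposure
	if err := xml.Unmarshal([]byte(doc), &a); err != nil {
		return e, err
	}
	for _, g := range a.Grants {
		if u := strings.TrimSpace(g.URI); u != groupPrefix+"AllUsers" && u != groupPrefix+"AuthenticatedUsers" {
			continue // grant to a specific account, not a broad group
		}
		p := strings.TrimSpace(g.Permission)
		full := p == "FULL_CONTROL"
		e.List = e.List || full || p == "READ"             // READ on a bucket allows listing
		e.Write = e.Write || full || p == "WRITE"          // WRITE allows creating and deleting objects
		e.ACLWrite = e.ACLWrite || full || p == "WRITE_ACP" // WRITE_ACP allows rewriting the ACL
	}
	return e, nil
}

// Constructed sample: owner has full control, AllUsers may list the bucket.
const sampleACL = `<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><AccessControlList>
<Grant><Grantee><ID>constructed-owner-id</ID></Grantee><Permission>FULL_CONTROL</Permission></Grant>
<Grant><Grantee><URI>` + groupPrefix + `AllUsers</URI></Grantee><Permission>READ</Permission></Grant>
</AccessControlList></AccessControlPolicy>`

func main() { fmt.Println(AuditACL(sampleACL)) }
```

ACLs are only one path to exposure; bucket policies and Block Public Access settings also apply and are not evaluated by this example.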
Installation
go get -u github.com/glen-mac/goGetBucket
Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.g.:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permutation wordlist (-m).
Be sure not to increase the threads too high (-t), as AWS has API rate limiting that will kick in and start giving an undesired return code.
goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain