goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

Related news

1. Pentest Automation Tools
2. Hacking Tools For Pc
3. Hacking Tools For Games
4. Kik Hack Tools
5. Hacking Tools Free Download
6. Hack Tools Pc
7. Hacking Tools
8. Hacking Tools Download
9. Hack App
10. Hacker Tools Hardware
11. Hacking Tools Usb
12. Hak5 Tools
13. Hacking Tools Free Download
14. Hacker Security Tools
15. Hacking Tools Hardware
16. What Is Hacking Tools
17. Termux Hacking Tools 2019
18. Hacker Tool Kit
19. Pentest Tools Nmap
20. Hacking Tools Download
21. Pentest Tools Apk
22. Pentest Tools Online
23. Hacking Tools 2019
24. Hacking Tools For Windows 7
25. Blackhat Hacker Tools
26. Hack And Tools
27. Bluetooth Hacking Tools Kali
28. Hack Tool Apk
29. Hacker Hardware Tools
30. Hacker Tools For Windows
31. How To Install Pentest Tools In Ubuntu
32. Hacker Tools Software
33. Best Hacking Tools 2019
34. Hacking Tools Windows 10
35. Pentest Tools For Ubuntu
36. Termux Hacking Tools 2019
37. Pentest Tools Subdomain
38. Hacker Techniques Tools And Incident Handling
39. Hack Tools For Games
40. What Is Hacking Tools
41. Pentest Tools For Ubuntu
42. New Hacker Tools
43. Bluetooth Hacking Tools Kali
44. What Is Hacking Tools
45. Pentest Tools Free
46. Nsa Hack Tools Download
47. Bluetooth Hacking Tools Kali
48. Pentest Recon Tools
49. Pentest Tools Download
50. Hacking Apps
51. Hacker Tools For Pc
52. Beginner Hacker Tools
53. Hacking Tools
54. How To Make Hacking Tools
55. Hacker Tools List
56. Hack Tools For Windows
57. Hack Website Online Tool
58. Hacking Tools For Windows
59. Hacking Tools Github
60. Hack Website Online Tool
61. Hacker Tools Github
62. Pentest Tools List
63. Hack Tools 2019
64. Nsa Hack Tools Download
65. Underground Hacker Sites
66. Hacker Tools Hardware
67. Beginner Hacker Tools
68. Hackers Toolbox
69. Pentest Tools Website Vulnerability