When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been misunderstood time and time again, and this has led to the exposure of sensitive material.
This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
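
An owner-side counterpart to the list and write checks above, added here as an example (not code from goGetBucket): it reads the ACL document that S3's GetBucketAcl returns for a bucket you control and flags grants to the AllUsers or AuthenticatedUsers groups. The `AuditACL` function, the `Exposure` type and the sample ACL are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

const groupPrefix = "http://acs.amazonaws.com/groups/global/" // AllUsers, AuthenticatedUsers

// Constructed, trimmed GetBucketAcl response body (not taken from a real bucket).
const sampleACL = `<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><AccessControlList>
<Grant><Grantee><ID>constructed-owner-id</ID></Grantee><Permission>FULL_CONTROL</Permission></Grant>
<Grant><Grantee><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee><Permission>READ</Permission></Grant>
<Grant><Grantee><URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI></Grantee><Permission>WRITE</Permission></Grant>
</AccessControlList></AccessControlPolicy>`

// Exposure summarises bucket-level rights granted to the broad S3 groups.
type Exposure struct {
	PublicList, PublicWrite bool
	Findings                []string // "<group>:<permission>" for every group grant
}

// AuditACL flags grants that let a broad group list the bucket (READ) or write to it (WRITE).
func AuditACL(doc string) (Exposure, error) {
	var e Exposure
	var acl struct {
		Grants []struct {
			URI        string `xml:"Grantee>URI"`
			Permission string `xml:"Permission"`
		} `xml:"AccessControlList>Grant"`
	}
	if err := xml.Unmarshal([]byte(doc), &acl); err != nil {
		return e, err
	}
	for _, g := range acl.Grants {
		if !strings.HasPrefix(g.URI, groupPrefix) {
			continue // owner or another canonical user, not a broad group
		}
		p := g.Permission
		e.PublicList = e.PublicList || p == "READ" || p == "FULL_CONTROL"
		e.PublicWrite = e.PublicWrite || p == "WRITE" || p == "FULL_CONTROL"
		e.Findings = append(e.Findings, strings.TrimPrefix(g.URI, groupPrefix)+":"+p)
	}
	return e, nil
}

func main() {
	e, err := AuditACL(sampleACL)
	fmt.Println(e.PublicList, e.PublicWrite, e.Findings, err)
}
```

ACL grants are only one input: bucket policies and Block Public Access settings also decide effective access.
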

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.g.:
www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?

The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permutation wordlist (-m).

Be sure not to increase the threads (-t) too high, as AWS has API rate limiting that will kick in and start giving an undesired return code.