When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
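From the bucket owner's side, the List and Write findings above correspond to ACL grants made to S3's global groups. The following is an added example, not part of goGetBucket: it audits a bucket ACL in the JSON shape returned by `aws s3api get-bucket-acl`. The names `AuditACL`, `Exposure` and `sampleACL` are hypothetical, and the sample ACL is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Group URIs S3 uses in ACL grants for "anyone" and "any AWS account".
const (
	allUsers  = "http://acs.amazonaws.com/groups/global/AllUsers"
	authUsers = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
)

// Exposure mirrors the List and Write results the tool reports per bucket.
type Exposure struct{ List, Write bool }

// AuditACL reports whether a bucket ACL grants list (READ) or write (WRITE)
// access to one of the global groups. Grants to specific accounts are ignored.
func AuditACL(aclJSON string) (Exposure, error) {
	var a struct {
		Grants []struct {
			Grantee    struct{ Type, URI string }
			Permission string
		}
	}
	var e Exposure
	if err := json.Unmarshal([]byte(aclJSON), &a); err != nil {
		return e, err
	}
	for _, g := range a.Grants {
		if g.Grantee.URI != allUsers && g.Grantee.URI != authUsers {
			continue // owner or named-account grant, not public
		}
		p := g.Permission
		e.List = e.List || p == "READ" || p == "FULL_CONTROL"
		e.Write = e.Write || p == "WRITE" || p == "FULL_CONTROL"
	}
	return e, nil
}

// Constructed sample: owner has full control, AllUsers can list objects.
const sampleACL = `{"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}`

func main() {
	e, err := AuditACL(sampleACL)
	fmt.Printf("list=%v write=%v err=%v\n", e.List, e.Write, err)
}
```

This covers ACL grants only; a bucket policy can also grant public access and needs its own review.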
Installation
go get -u github.com/glen-mac/goGetBucket
Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, e.g.:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permutation wordlist (-m).
Be sure not to increase the threads too high (-t), as AWS has API rate limiting that will kick in and start giving an undesired return code.