goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

Continue reading

1. Wifi Hacker Tools For Windows
2. Pentest Tools Subdomain
3. Pentest Tools For Windows
4. Beginner Hacker Tools
5. Hackers Toolbox
6. Android Hack Tools Github
7. Hacker Hardware Tools
8. How To Install Pentest Tools In Ubuntu
9. Bluetooth Hacking Tools Kali
10. Free Pentest Tools For Windows
11. Pentest Tools Website
12. How To Install Pentest Tools In Ubuntu
13. Pentest Tools Port Scanner
14. Hack Website Online Tool
15. Hacker Tools For Mac
16. Hacker Hardware Tools
17. Hacker Tools Windows
18. Hacking Tools For Windows 7
19. Pentest Tools For Ubuntu
20. Hack Tools Github
21. Pentest Tools Apk
22. Hacker Search Tools
23. Hacker Hardware Tools
24. Pentest Tools Github
25. Hacker Security Tools
26. Hacker Tools Github
27. Hacker Tools Github
28. Pentest Tools Nmap
29. Pentest Tools List
30. Pentest Tools Website Vulnerability
31. Pentest Tools Nmap
32. Hack App
33. Hack Tool Apk No Root
34. Hacking Tools For Windows 7
35. Hacking Tools 2020
36. Hack Tools Online
37. Hacker Tools List
38. Nsa Hacker Tools
39. Pentest Tools Apk
40. Hacking Tools For Kali Linux
41. Hack Tools Mac
42. Pentest Tools Apk
43. Computer Hacker
44. Nsa Hack Tools Download
45. Hack Tools Pc
46. Hacking Tools And Software
47. Hacker Tools Free Download
48. Hackers Toolbox
49. Hackrf Tools
50. What Is Hacking Tools
51. Pentest Tools Apk
52. Hacking Tools For Mac
53. Hacker Tools For Pc
54. World No 1 Hacker Software
55. Hacking Tools Free Download
56. Hak5 Tools
57. Hack Tools Download
58. Hack Website Online Tool