goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

Related news

1. Hacker Tools Online
2. Hacking Apps
3. Hacker Tools Free Download
4. World No 1 Hacker Software
5. Hack Apps
6. Hacker Hardware Tools
7. Pentest Tools Online
8. Hacking Tools Windows 10
9. Hack Tools 2019
10. Pentest Tools Url Fuzzer
11. Hacker Tools Apk
12. Computer Hacker
13. Pentest Tools For Windows
14. Hacking Tools For Windows 7
15. Pentest Tools Tcp Port Scanner
16. Pentest Tools Windows
17. Underground Hacker Sites
18. Tools 4 Hack
19. Android Hack Tools Github
20. Hack Tools Pc
21. Hacker Tools Software
22. Pentest Tools Android
23. Hacking Tools For Windows
24. Pentest Tools Github
25. Computer Hacker
26. Hacking Apps
27. Hacking Tools 2020
28. Hacking Tools 2020
29. Github Hacking Tools
30. Hack Tools For Games
31. World No 1 Hacker Software
32. New Hack Tools
33. Hack Tools 2019
34. Bluetooth Hacking Tools Kali
35. Hacker Tools Linux
36. Nsa Hacker Tools
37. Kik Hack Tools
38. Hacking Tools For Windows
39. Pentest Tools Online
40. Hacking Tools Usb
41. Wifi Hacker Tools For Windows
42. Growth Hacker Tools
43. Hack Tools Pc
44. Physical Pentest Tools
45. Underground Hacker Sites
46. What Are Hacking Tools
47. Hacker Tools Github
48. Pentest Tools Online
49. Pentest Tools
50. Hacking Tools Pc
51. Pentest Automation Tools
52. Hacker Tools Free
53. Hack App
54. Pentest Tools Android
55. How To Make Hacking Tools
56. Computer Hacker
57. How To Make Hacking Tools
58. Hack Tool Apk No Root
59. Github Hacking Tools
60. Hack Tools Online
61. Hacker Tools Free
62. Best Pentesting Tools 2018
63. How To Make Hacking Tools
64. Hack And Tools
65. Hack Tools Online
66. Game Hacking
67. Game Hacking
68. Pentest Tools For Windows
69. Hack Tools 2019
70. Pentest Tools Download
71. Hack Tool Apk No Root
72. Pentest Tools Framework
73. Beginner Hacker Tools
74. Hackers Toolbox
75. Hacking Tools Windows
76. Pentest Automation Tools
77. Hacking Tools
78. How To Hack
79. Android Hack Tools Github
80. Hack Tool Apk No Root
81. Blackhat Hacker Tools
82. Hacking Tools For Windows Free Download
83. New Hacker Tools
84. Hacker Tool Kit
85. Hack Tools For Ubuntu
86. Tools 4 Hack
87. Hack Tools 2019
88. How To Install Pentest Tools In Ubuntu
89. Hack Tools Mac
90. Bluetooth Hacking Tools Kali
91. New Hacker Tools
92. Hackrf Tools
93. Pentest Tools Url Fuzzer
94. Hack Rom Tools
95. Pentest Tools Free
96. World No 1 Hacker Software
97. Pentest Tools Linux
98. Hacker Tools Software
99. Hacking Tools Online
100. Pentest Tools Android
101. Top Pentest Tools
102. Hacking Tools For Pc
103. Pentest Tools For Ubuntu
104. Hacker Tools For Mac
105. Pentest Tools Kali Linux
106. Hack And Tools
107. Blackhat Hacker Tools
108. Pentest Tools Tcp Port Scanner
109. World No 1 Hacker Software
110. Hacking Tools Usb
111. Hacking Tools For Windows
112. Hacker Tools 2019
113. Underground Hacker Sites
114. Tools 4 Hack
115. Pentest Tools Url Fuzzer
116. Hack Apps
117. Best Hacking Tools 2019
118. Github Hacking Tools
119. Hack Apps
120. Hack Tools Online
121. Pentest Tools Tcp Port Scanner
122. Pentest Tools Download
123. Best Hacking Tools 2020
124. Hack Tools Online
125. Hacking Tools Download
126. Computer Hacker
127. New Hack Tools
128. Hacker Tools Hardware
129. Hack Tools Github
130. Hacking Tools Github
131. Pentest Tools For Ubuntu
132. Hacking Tools For Mac
133. Hacker Tools List
134. Tools Used For Hacking
135. Pentest Tools Linux
136. Hacker Tools For Pc
137. Hacker Tools 2020
138. Hacking Tools Kit
139. Pentest Tools For Mac
140. Tools For Hacker
141. How To Hack
142. Pentest Tools For Windows
143. Hacking Tools 2020
144. Hacker Tools For Windows
145. Pentest Tools Free
146. Underground Hacker Sites
147. Pentest Tools Website
148. What Are Hacking Tools
149. Wifi Hacker Tools For Windows
150. Hack Tools For Mac
151. Pentest Tools Subdomain
152. Hacking Tools For Windows 7
153. Hacker Tools Mac
154. Bluetooth Hacking Tools Kali