
Saturday, August 22, 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and this has allowed sensitive material to be exposed.

This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, e.g.:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and with the domain without its TLD, and the results are permuted using the supplied permutation wordlist (-m).
Be sure not to set the thread count (-t) too high, as AWS has API rate limiting that will kick in and start giving an undesired return code.
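
For the bucket owner's side of the list and write checks described above, this added example (not part of goGetBucket or the original post) scans S3 server access log records for bucket-listing and object-write requests from principals outside the owning account, and marks the ones S3 answered with 200. The log lines, the account ID 111111111111 and the names Audit and Finding are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample lines in the S3 server access log layout (not real traffic).
const sampleLog = `OWNERID acme-assets [22/Aug/2020:10:00:01 +0000] 198.51.100.7 - REQ1 REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 200 - 512 - 20 19 "-" "Go-http-client/1.1" -
OWNERID acme-assets [22/Aug/2020:10:00:02 +0000] 198.51.100.7 - REQ2 REST.PUT.OBJECT test.file "PUT /test.file HTTP/1.1" 403 AccessDenied 243 - 8 - "-" "Go-http-client/1.1" -
OWNERID acme-dev [22/Aug/2020:10:00:03 +0000] 198.51.100.7 arn:aws:iam::999999999999:user/outsider REQ3 REST.PUT.OBJECT test.file "PUT /test.file HTTP/1.1" 200 - - 31 40 12 "-" "aws-sdk-go" -
OWNERID acme-dev [22/Aug/2020:10:00:04 +0000] 203.0.113.9 arn:aws:sts::111111111111:assumed-role/deploy/ci REQ4 REST.PUT.OBJECT app.js "PUT /app.js HTTP/1.1" 200 - - 900 35 10 "-" "aws-cli" -`

// Fields: owner bucket [time] ip requester request-id operation key "request-uri" status ...
var lineRE = regexp.MustCompile(`^\S+ (\S+) \[[^\]]+\] (\S+) (\S+) \S+ (\S+) (\S+) "[^"]*" (\d{3}) `)

// Finding is one list or write attempt by a principal outside our account.
type Finding struct {
	Bucket, IP, Op, Key string
	Exposed             bool // true when S3 answered 200, i.e. the permission is open
}

// Audit flags bucket-listing and object-write requests whose requester is
// anonymous ("-") or an ARN outside trustedAccount (hypothetical parameter).
func Audit(log, trustedAccount string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		m := lineRE.FindStringSubmatch(line)
		if m == nil {
			continue // not an access-log record
		}
		bucket, ip, requester, op, key, status := m[1], m[2], m[3], m[4], m[5], m[6]
		if op != "REST.GET.BUCKET" && op != "REST.PUT.OBJECT" {
			continue // only the list and write operations matter here
		}
		if strings.Contains(requester, "::"+trustedAccount+":") {
			continue // request made by one of our own principals
		}
		out = append(out, Finding{bucket, ip, op, key, status == "200"})
	}
	return out
}

func main() {
	for _, f := range Audit(sampleLog, "111111111111") {
		fmt.Printf("%-12s %-13s %-16s key=%s exposed=%v\n", f.Bucket, f.IP, f.Op, f.Key, f.Exposed)
	}
}
```

A finding with exposed=true means an outside principal could actually list or write; exposed=false records a probe that the bucket policy denied.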
