When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.Related links
- Pentest Box Tools Download
- Easy Hack Tools
- Hack Tools For Games
- Pentest Tools For Ubuntu
- Hacking Tools 2019
- Physical Pentest Tools
- Hacking Tools For Windows
- Hacking Apps
- Pentest Tools Kali Linux
- Hacker Tools Linux
- Hacking Tools For Mac
- Best Hacking Tools 2020
- Hacker Tools Software
- Underground Hacker Sites
- Hacking Tools Online
- Usb Pentest Tools
- Hacker Tools Linux
- How To Make Hacking Tools
- Hacking Tools Kit
- Bluetooth Hacking Tools Kali
- Pentest Tools Nmap
- Nsa Hacker Tools
- Hack Tools For Ubuntu
- Hack Tools Pc
- Hacking Tools Online
- Hack Website Online Tool
- Pentest Tools Website Vulnerability
- Beginner Hacker Tools
- Hacking Tools Pc
- Pentest Tools Linux
- Hacking Tools 2020
- Underground Hacker Sites
- Hacker Tools Apk Download
- Hack Tools
- Hacking Tools Windows 10
- Hacking Tools Pc
- Easy Hack Tools
- Hacking Tools Free Download
- Pentest Tools Linux
- How To Install Pentest Tools In Ubuntu
- Hack Tools 2019
- Hacker Hardware Tools
- Hacker Tools Software
- Hack Tools
- Hacker Tools Linux
- Pentest Tools Website
- Pentest Recon Tools
- Pentest Tools Review
- Pentest Automation Tools
- Hacker Hardware Tools
- Hack Tools Mac
- New Hacker Tools
- Pentest Tools For Android
- Hack Website Online Tool
- Beginner Hacker Tools
- What Is Hacking Tools
- Pentest Tools
- Pentest Tools Android
- Hack Tools Online
- Hack Tool Apk
- Hacker Tools Hardware
- Hacker Tools Apk
- Tools 4 Hack
- Hack Tools Mac
- Pentest Tools Subdomain
- Pentest Tools Port Scanner
- Pentest Tools For Mac
- Pentest Reporting Tools
- Hack Tools 2019
- Hacks And Tools
- Hacking Tools Free Download
- Pentest Tools Online
- Hacker Techniques Tools And Incident Handling
- Usb Pentest Tools
- Hack Website Online Tool
- Pentest Tools Find Subdomains
- Hacking Tools
- Pentest Box Tools Download
- Pentest Tools Free
- Hack Tool Apk
- Hack Tools Online
- Hacker Tools List
- Underground Hacker Sites
- Hack Tools Online
- Hacking Apps
- Hack Apps
- Pentest Tools Free
- Hacker Security Tools
- Hacking App
- Hack App
- Pentest Box Tools Download
- Hacker Tools List
- Termux Hacking Tools 2019
- Hackrf Tools
- Hacking Tools Windows
- Hacking Tools For Windows 7
- Hacker Tools Linux
- Hack Tools For Pc
- Hacking Apps
- Free Pentest Tools For Windows
- Pentest Tools Github
- Hack App
No comments:
Post a Comment