When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.- Tools Used For Hacking
- Hacking Tools Usb
- Pentest Tools Bluekeep
- World No 1 Hacker Software
- New Hack Tools
- Black Hat Hacker Tools
- Hacking Tools Hardware
- Game Hacking
- Hack Tools 2019
- Hacking Tools 2019
- Beginner Hacker Tools
- Pentest Tools For Android
- Hacking App
- Underground Hacker Sites
- Hacking App
- Hack App
- Hacking Tools And Software
- Hacking Tools 2019
- Hacking Tools Windows 10
- Hackers Toolbox
- Hack Tools Mac
- Hack Tool Apk
- Pentest Tools Linux
- Ethical Hacker Tools
- Hacker Tools Online
- Pentest Tools Url Fuzzer
- Hack App
- Growth Hacker Tools
- Hacking Tools And Software
- Hacking Tools Usb
- Hacking Tools And Software
- How To Hack
- Hacking Tools Hardware
- Hacking Apps
- Hacker Tools Hardware
- What Are Hacking Tools
- Pentest Box Tools Download
- Hacking Tools Free Download
- Hacker Security Tools
- Computer Hacker
- Bluetooth Hacking Tools Kali
- Hacker Tools Mac
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Review
- What Is Hacking Tools
- Hacking App
- Pentest Tools For Android
- Pentest Recon Tools
- Hacker Tools List
- Pentest Tools
- What Is Hacking Tools
- Hacker Techniques Tools And Incident Handling
- Hacking Tools Pc
- Termux Hacking Tools 2019
- Pentest Tools Kali Linux
- Hacking Tools Github
- Hacker Tool Kit
- Hacking Tools Mac
- Pentest Tools Nmap
- Hacking Tools Online
- Install Pentest Tools Ubuntu
- Tools 4 Hack
- Pentest Tools Open Source
- Blackhat Hacker Tools
- Hacking Apps
- Hacker Tools Windows
- Hacker Tools Software
- Hacking Tools Pc
- Hacking Tools For Beginners
- Pentest Tools Online
- Hacking Tools For Mac
- Hak5 Tools
- Bluetooth Hacking Tools Kali
- Pentest Tools For Windows
- Hacking Tools Online
- Pentest Tools Online
- Pentest Tools Linux
- Easy Hack Tools
- Pentest Tools Find Subdomains
- Hack Tool Apk
- Game Hacking
- Pentest Tools Subdomain
- Black Hat Hacker Tools
- Hacking Tools For Games
- Best Pentesting Tools 2018
- Usb Pentest Tools
- Hacking Tools For Windows Free Download
- Hacking Tools Free Download
- Hacker Tools Online
- Pentest Tools Bluekeep
- World No 1 Hacker Software
- Hacking Tools Usb
- What Is Hacking Tools
- Pentest Tools Url Fuzzer
- Hack Tools
- Pentest Tools For Windows
- Computer Hacker
- Hacking Tools For Windows
- Pentest Tools Linux
- Usb Pentest Tools
- Nsa Hack Tools Download
- What Is Hacking Tools
- Tools Used For Hacking
- How To Hack
- Top Pentest Tools
- Hacker Tools Online
- Pentest Tools Port Scanner
- Growth Hacker Tools
- Hacker Tools List
- Computer Hacker
- Pentest Tools Url Fuzzer
- Pentest Tools List
- Hacking Tools Kit
- Hacker Tools Mac
- Pentest Box Tools Download
- Hacker Search Tools
- Pentest Tools Port Scanner
- Pentest Tools Apk
- Hack Tools Mac
- Tools For Hacker
- Blackhat Hacker Tools
- Pentest Tools Framework
- Hacker Tools
- Hack Tools For Windows
- Best Hacking Tools 2020
- Hack App
- Hacking Tools For Windows Free Download
- Hacker Tools
- Tools For Hacker
- Hacker Tools Windows
- Pentest Tools Port Scanner
- Hacker Tools For Ios
- Hacker Security Tools
- Hacking Tools 2020
- Tools For Hacker
- Hack Tool Apk
- Physical Pentest Tools
- Growth Hacker Tools
- How To Make Hacking Tools
- How To Make Hacking Tools
- Hack Tools Mac
- Hack Tools
- Pentest Tools Review
- How To Make Hacking Tools
- Pentest Tools For Ubuntu
- Hackers Toolbox
- Black Hat Hacker Tools
- Hacking App
- Hacking Tools Windows
- Pentest Tools Website Vulnerability
- Hacks And Tools
- Hacker Tools For Ios
- Hacker Tools Mac
- Best Hacking Tools 2019
- Hacking Tools Github
- Pentest Recon Tools
- Hacking Tools For Pc
No comments:
Post a Comment