goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

More articles

1. Pentest Tools Github
2. Nsa Hacker Tools
3. Pentest Tools For Android
4. Hacking Tools For Games
5. Hacker Tools For Windows
6. Hacking Tools 2020
7. How To Install Pentest Tools In Ubuntu
8. Beginner Hacker Tools
9. Wifi Hacker Tools For Windows
10. Hacking Tools
11. Hacker Hardware Tools
12. Hacker Tools For Pc
13. Hacker Tools Free
14. Pentest Tools Url Fuzzer
15. Pentest Tools Apk
16. Computer Hacker
17. Pentest Tools Windows
18. Hacking Tools Download
19. Hacker Search Tools
20. Best Hacking Tools 2019
21. Hacker Tools For Pc
22. Hak5 Tools
23. Tools Used For Hacking
24. Hacking Tools For Kali Linux
25. Hacking App
26. Game Hacking
27. Game Hacking
28. Pentest Tools For Mac
29. Hacking Tools Name
30. Hacker Tools For Pc
31. Nsa Hack Tools Download
32. Hak5 Tools
33. Pentest Tools Free
34. Tools Used For Hacking
35. Pentest Tools Download
36. Hacker Tools 2019
37. Hack App
38. What Are Hacking Tools
39. Hacker Tools Linux
40. Hacker Tools 2019
41. Hacker Techniques Tools And Incident Handling
42. Pentest Automation Tools
43. Tools 4 Hack
44. Hack Tool Apk
45. Hack And Tools
46. Hacker Tools Apk
47. Hacking Tools For Games
48. Hackers Toolbox
49. Hacker Tools Software
50. Hacks And Tools
51. Hacker Tools Windows
52. Hacker Techniques Tools And Incident Handling
53. Hacking Tools Name
54. Hacking Tools For Games
55. Hacking Tools Kit
56. Hacker Tools For Windows
57. Pentest Tools List
58. Hacker Tools 2020
59. Pentest Tools For Ubuntu
60. Pentest Box Tools Download
61. Hacking App
62. Hack Apps
63. Hack Tools Mac
64. Hacker Tools Free Download
65. Hacker Search Tools
66. Beginner Hacker Tools
67. Hacking Tools Mac
68. What Are Hacking Tools
69. Pentest Tools Windows
70. Hack Tools
71. Pentest Tools Github
72. What Are Hacking Tools
73. Physical Pentest Tools
74. Pentest Tools Website
75. Hack Tools
76. Hacker Tools Online
77. Termux Hacking Tools 2019
78. Hacker Tool Kit
79. Hacker Search Tools
80. Pentest Tools Free
81. Hacker Tools 2019
82. Tools Used For Hacking
83. Pentest Tools Nmap
84. Hacker Techniques Tools And Incident Handling
85. Termux Hacking Tools 2019
86. Hack Tools Pc
87. Hacking Tools For Windows 7
88. What Are Hacking Tools
89. Tools 4 Hack
90. Tools Used For Hacking
91. Hacking Tools For Games
92. Hack Tools Pc
93. Pentest Tools Url Fuzzer
94. Android Hack Tools Github
95. Top Pentest Tools
96. Hacking Tools Name
97. Tools Used For Hacking
98. Hacking Tools Windows
99. Android Hack Tools Github
100. Hacking Tools For Kali Linux
101. Hack Tools Online
102. Hacker
103. Hack Tools 2019
104. Hacking Tools Mac
105. Nsa Hack Tools
106. Hacking Tools And Software
107. Hacking Apps
108. Underground Hacker Sites
109. Hacker Tool Kit
110. Hacker Tools Github
111. Pentest Tools
112. Hacker Security Tools
113. Github Hacking Tools
114. Usb Pentest Tools
115. Tools Used For Hacking
116. Hacking Tools Hardware
117. Pentest Tools Open Source
118. Free Pentest Tools For Windows
119. Hacking Tools
120. Hacker Tools Apk
121. Hacker Tools List
122. Hacker Tools Apk Download
123. Hacking Tools Pc
124. Hacking Tools Windows 10
125. Hacking Tools For Beginners
126. Hack Rom Tools
127. Hack Website Online Tool
128. Pentest Recon Tools
129. Blackhat Hacker Tools
130. Hacking Tools Download
131. Hackers Toolbox
132. Pentest Tools Port Scanner
133. Pentest Tools Kali Linux
134. Tools Used For Hacking
135. Tools Used For Hacking