When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.More information
- Hacker Tools For Mac
- Hacker Tools Software
- Pentest Tools Website Vulnerability
- Hack Tools For Pc
- How To Make Hacking Tools
- Hack Tools For Mac
- Kik Hack Tools
- Usb Pentest Tools
- Pentest Tools Kali Linux
- Hacking Tools Free Download
- Hacking Tools Name
- Hacker Security Tools
- Hacker Tool Kit
- Pentest Tools Website
- Nsa Hack Tools
- Pentest Tools Url Fuzzer
- Top Pentest Tools
- Hacker
- Pentest Tools Framework
- Pentest Tools Bluekeep
- Hack Tool Apk
- Pentest Tools Website Vulnerability
- Hacking Tools Free Download
- Nsa Hack Tools
- Pentest Tools Subdomain
- Hacker Tools Github
- Hacking Tools Windows 10
- Hacker Tools Free Download
- Pentest Tools
- Pentest Tools Download
- Hack Tools
- Hacking Tools Github
- Hacker Tools List
- Hacking Tools Mac
- Pentest Tools Url Fuzzer
- Hacker Tools Free
- Hack Website Online Tool
- Pentest Tools Online
- Hacker Tools Hardware
- Pentest Tools Apk
- Tools For Hacker
- Pentest Tools Framework
- How To Make Hacking Tools
- Hack Tools For Windows
- Hack Tools
- Pentest Tools For Ubuntu
- Hack Tool Apk
- Tools For Hacker
- Hackrf Tools
- Hack Tools For Ubuntu
- Hacker Tools Software
- Hacking Tools 2020
- Top Pentest Tools
- Hacker Tools 2019
- Pentest Tools Online
- Hack Tools For Ubuntu
- Hack App
- Hacker Search Tools
- Hacker Tools Github
- Hacker Tools Free Download
- Black Hat Hacker Tools
- Hacking Tools Pc
- Hack Tools For Games
- Pentest Box Tools Download
- Hack Tools Online
- Hack Tools For Mac
- Hack Tools For Pc
- Hack Tools For Mac
- Hack Tools For Pc
- Hak5 Tools
- Hacking Tools And Software
- Hack Tools For Mac
- Hack Tools For Games
- Hacker Tools Windows
- World No 1 Hacker Software
- Hacking Tools For Kali Linux
- Hack Tools Online
- Hacking Tools For Windows
- Hacker Tools 2020
- Game Hacking
- Beginner Hacker Tools
- Hacking Tools And Software
- Hacking Tools For Windows Free Download
- Pentest Tools Download
- Hack Tools Online
- Hack Tools
- Top Pentest Tools
- Pentest Tools Windows
- Hacking Tools For Pc
- Hacker Tools
- Hack Tools For Pc
- Hack Website Online Tool
- Hacker Tools Free Download
- Hack Tools For Games
- Hacker
- Hacking Tools Pc
- Best Hacking Tools 2019
- Hacking Tools For Mac
- Hacker Hardware Tools
- Physical Pentest Tools
- Tools 4 Hack
- Hacker Tools Linux
- What Are Hacking Tools
- Hacker Tools List
- Pentest Tools Linux
- Physical Pentest Tools
- Hack Tools 2019
- Hacking Tools
- Hacker Tools List
- Hacks And Tools
- Pentest Tools
- Physical Pentest Tools
- What Is Hacking Tools
- Hacker Security Tools
- Pentest Tools Alternative
- Pentest Tools List
- Bluetooth Hacking Tools Kali
- Hacker Tools List
- Hacking Tools For Windows 7
- Hack Website Online Tool
- Top Pentest Tools
- Hackers Toolbox
- Pentest Tools Apk
- Growth Hacker Tools
- Hack Tools 2019
- Hacking Tools Software
- Pentest Tools
- Hacking Tools Usb
- Android Hack Tools Github
- Hack Tools Pc
- Hacker Tools Free
- Hacking Tools For Pc
- Hacking Tools Software
- Hacking Tools Download
- Pentest Tools Free
- Nsa Hack Tools Download
- Pentest Tools Online
- Nsa Hack Tools Download
- Android Hack Tools Github
- Hacker Tools For Windows
- Hack Tools For Ubuntu
- Pentest Tools For Windows
- Hacking Tools Kit
- Hacking Tools
- Black Hat Hacker Tools
- Hack Tools
- Hack Website Online Tool
- Hack Tools For Mac
- Hack Tool Apk
- Hacking Tools
- Nsa Hacker Tools
- Pentest Tools Nmap
- Pentest Tools Github
- Hacker Tools For Mac
- Hacker Tools List
- Hack Tools
- Nsa Hacker Tools
- Hacking Tools Online
- Hacker Tools For Ios
- Hacker Tools Linux
- Hack Tools Download
- Pentest Tools Kali Linux
- Growth Hacker Tools
- Hack Tools For Mac
- Hacker Tools Github
- Pentest Tools Online
- Pentest Tools Download
0 comments:
Post a Comment