When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.Related news
- Hacking Tools Mac
- Hacker Tools Free
- Pentest Tools Url Fuzzer
- Hackers Toolbox
- Hacking Tools Usb
- Pentest Tools
- Hacker Tools Apk
- Easy Hack Tools
- Hack Tool Apk No Root
- Hacker Search Tools
- Hack Tools 2019
- Hack Rom Tools
- Hacking Tools For Windows 7
- Hacking App
- Hack Tools Download
- Hak5 Tools
- Hacker Tools Mac
- Hacking Tools Hardware
- Hack Tools
- Hacking Tools Free Download
- Hack Tools
- How To Install Pentest Tools In Ubuntu
- Computer Hacker
- Usb Pentest Tools
- Hacking App
- Best Pentesting Tools 2018
- How To Install Pentest Tools In Ubuntu
- Hack Tools Github
- Hack Tool Apk
- Pentest Tools Nmap
- Hack Tools Mac
- Hacks And Tools
- Hacker Tools Free
- Hacking Tools For Windows Free Download
- Pentest Tools Alternative
- Hacker Tools Apk Download
- Hack App
- Best Hacking Tools 2020
- Pentest Tools Apk
- Hacking Tools Github
- Hack Tools 2019
- Hack Website Online Tool
- Pentest Tools Subdomain
- Hack Apps
- Hack Tools Download
- How To Make Hacking Tools
- Pentest Tools Kali Linux
- Hacking App
- Hack Tool Apk No Root
- Hacking Tools For Kali Linux
- Easy Hack Tools
- Computer Hacker
- Hack App
- New Hacker Tools
- What Is Hacking Tools
- Pentest Box Tools Download
- Blackhat Hacker Tools
- Hacking Tools Usb
- Pentest Automation Tools
- Pentest Recon Tools
- Hack App
- Pentest Tools Free
- Best Hacking Tools 2019
- Hack Apps
- Hacker
- Android Hack Tools Github
- Best Hacking Tools 2020
- Black Hat Hacker Tools
- Physical Pentest Tools
- Hacker Tools For Mac
- Pentest Tools For Windows
- Hack Tools For Ubuntu
- Nsa Hack Tools Download
- Hacking Tools For Games
- Hacking Tools For Kali Linux
- Pentest Tools Online
- Hacker Tools For Windows
- Pentest Tools For Windows
- Pentest Tools Subdomain
- Pentest Tools Nmap
- Pentest Tools For Mac
- Hacking Tools Download
- Pentest Tools Website Vulnerability
- Best Pentesting Tools 2018
- Hacker Security Tools
- Hacking Tools For Games
- Pentest Tools Bluekeep
- Hacking Tools Kit
- Pentest Tools Kali Linux
- Hacker Tools Mac
- Hacking Tools And Software
- Easy Hack Tools
- Physical Pentest Tools
- Nsa Hack Tools Download
- Hacker Tools Github
- Hack Tools Mac
- Hacking App
- Usb Pentest Tools
- Hacker Tools List
- Hackers Toolbox
- Pentest Tools Open Source
- Pentest Tools For Windows
- Hackers Toolbox
- Pentest Tools Nmap
- Pentest Reporting Tools
- Hack Tools Online
- Pentest Tools For Mac
- Free Pentest Tools For Windows
- Hacking App
- Hacking Tools For Beginners
- Hacking Tools Pc
- Github Hacking Tools
- Nsa Hacker Tools
- Hack Website Online Tool
- Pentest Tools Free
- What Is Hacking Tools
- Pentest Tools For Ubuntu
- Hack Tool Apk
- Hacker Tools For Windows
- Hack Tools Github
- Pentest Tools Bluekeep
- Best Hacking Tools 2020
- Hacker Tools For Ios
- Pentest Tools Find Subdomains
- Free Pentest Tools For Windows
- Hacking Tools For Kali Linux
- Hacking Tools For Windows 7
- Hack And Tools
- Hacker Tools
- Underground Hacker Sites
- Hacker Tools For Windows
- World No 1 Hacker Software
- Hacker Search Tools
- Pentest Tools Bluekeep
- Hacker Tools Free
- World No 1 Hacker Software
- Game Hacking
- Pentest Tools Website Vulnerability
- Hack Tools For Mac
- Github Hacking Tools
- Hacker Tools Mac
- Hack Tools Download
- Pentest Tools Url Fuzzer
- Hacking Tools 2020
- Nsa Hack Tools Download
- Hacker Tools Apk Download
- Hacker Tools
- Hacker Tools 2019
- Hacking Tools For Mac
- Hacker Tool Kit
- Hack Tools Mac
- Nsa Hack Tools Download
- Android Hack Tools Github
- Hacker Tools Online
- Hacker Tools For Mac
- Hacker Tools Apk
- Hacker Tools For Mac
- Hacking Tools For Kali Linux
- Hacker Tools Free Download
- Pentest Reporting Tools
- New Hack Tools
- Hacking Tools For Beginners
- Best Pentesting Tools 2018
- Android Hack Tools Github
- Hacking Tools For Mac
- Wifi Hacker Tools For Windows
- Tools 4 Hack
- Github Hacking Tools
- Hacking Tools For Windows
- Hacker Security Tools
- Hacker Tools For Ios
- Underground Hacker Sites
- Hack Website Online Tool
- Hacking Tools Usb
- Hack Tools Github
- Pentest Tools Download
- Hacking Tools Windows 10
ليست هناك تعليقات:
إرسال تعليق