goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain

When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:

• List Permission
• Write Permission
• Region the Bucket exists in
• If the bucket has all access disabled

Installation

go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:

www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Download goGetBucket

More info

1. Hacker Tools For Windows
2. Pentest Tools Website Vulnerability
3. Nsa Hacker Tools
4. Beginner Hacker Tools
5. Hacking Tools And Software
6. Hacking Tools Free Download
7. Hack Tools For Mac
8. Hack Tools Github
9. What Are Hacking Tools
10. Hacker Tools 2019
11. Pentest Tools Github
12. Hacking Tools For Windows 7
13. Pentest Recon Tools
14. Hacking Tools For Windows 7
15. Pentest Tools Linux
16. Hacker Tools For Ios
17. Hacking App
18. Pentest Recon Tools
19. Hacking Tools Mac
20. Github Hacking Tools
21. Hacker Tools For Ios
22. Blackhat Hacker Tools
23. Pentest Tools For Ubuntu
24. Pentest Tools Github
25. Hacking Tools For Beginners
26. Hacking Tools And Software
27. Nsa Hacker Tools
28. Pentest Tools Subdomain
29. Hacker Tools Hardware
30. Hack Tools 2019
31. Pentest Tools For Mac
32. Hacking Tools For Pc
33. Pentest Tools Download
34. Hacker Tools Software
35. Ethical Hacker Tools
36. Hack Tools For Games
37. Hack Tools For Ubuntu
38. Hacker Tools Hardware
39. Hacker
40. Pentest Recon Tools
41. Nsa Hack Tools
42. Hacking Tools Github
43. Pentest Tools Nmap
44. Hacking Tools Github
45. Hack Tools 2019
46. Hacker Search Tools
47. Game Hacking
48. Hacking Tools Github
49. Hacker Hardware Tools
50. Pentest Tools For Android
51. Bluetooth Hacking Tools Kali
52. Pentest Tools Linux
53. Pentest Tools Subdomain
54. Hacker Tools For Windows
55. Hack Tools 2019
56. Hack Tools For Pc
57. Hack Website Online Tool
58. Usb Pentest Tools
59. Top Pentest Tools
60. Usb Pentest Tools
61. Pentest Tools Tcp Port Scanner
62. Hacking Tools Windows 10
63. Hacker
64. Hacker Techniques Tools And Incident Handling
65. Pentest Tools Url Fuzzer
66. Hacker Tools Windows
67. Hacker Search Tools
68. Hacking Tools Windows
69. Hacking App
70. Free Pentest Tools For Windows
71. Pentest Tools Bluekeep
72. Pentest Tools Website Vulnerability
73. Wifi Hacker Tools For Windows