Sunday, August 23, 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled
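
For a bucket owner, list and write exposure of the kind reported above can come from ACL grants to S3's predefined AllUsers and AuthenticatedUsers groups. The following is an added example, not code from goGetBucket: it checks the JSON printed by `aws s3api get-bucket-acl` for such grants. The function name AuditACL and the sample ACL are constructed for illustration, and access granted through a bucket policy is not covered.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Predefined S3 groups: a grant to either one reaches beyond the owning account.
var publicGroups = map[string]string{
	"http://acs.amazonaws.com/groups/global/AllUsers":           "anyone",
	"http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

// What each bucket-level ACL permission allows the grantee to do.
var effects = map[string]string{
	"READ": "list objects", "WRITE": "write objects", "READ_ACP": "read the ACL",
	"WRITE_ACP": "rewrite the ACL", "FULL_CONTROL": "list, write and rewrite the ACL",
}

type acl struct {
	Grants []struct {
		Grantee    struct{ Type, URI string }
		Permission string
	}
}

// sampleACL is constructed for this example, shaped like get-bucket-acl output.
const sampleACL = `{"Owner":{"ID":"example-owner-id"},"Grants":[
 {"Grantee":{"Type":"CanonicalUser","ID":"example-owner-id"},"Permission":"FULL_CONTROL"},
 {"Grantee":{"Type":"Group","URI":"http://acs.amazonaws.com/groups/global/AllUsers"},"Permission":"READ"},
 {"Grantee":{"Type":"Group","URI":"http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},"Permission":"WRITE"}]}`

// AuditACL returns one finding per grant made to a predefined public group.
func AuditACL(raw string) ([]string, error) {
	var a acl
	if err := json.Unmarshal([]byte(raw), &a); err != nil {
		return nil, fmt.Errorf("parse ACL: %w", err)
	}
	var findings []string
	for _, g := range a.Grants {
		who, public := publicGroups[g.Grantee.URI]
		what, known := effects[g.Permission]
		if g.Grantee.Type == "Group" && public && known {
			findings = append(findings, who+" can "+what)
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(AuditACL(sampleACL))
}
```
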

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, e.g.:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permute using the supplied permutation wordlist (-m).
Be sure not to set the thread count (-t) too high, as AWS has API rate limiting that will kick in and start giving an undesired return code.
