Tuesday, August 25, 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled
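
The list and write permissions reported above can be checked from the bucket owner's side by looking for ACL grants to the global AllUsers and AuthenticatedUsers groups. The following is an added example, not part of goGetBucket: it reads the JSON printed by `aws s3api get-bucket-acl` and flags such grants. The function name PublicGrants and the sample ACL are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Shape of `aws s3api get-bucket-acl` output (only the fields used here).
type acl struct {
	Grants []struct {
		Grantee    struct{ Type, URI string }
		Permission string
	}
}

const groupPrefix = "http://acs.amazonaws.com/groups/global/"

// PublicGrants (hypothetical helper) returns one finding per grant that gives
// the AllUsers or AuthenticatedUsers group list (READ) or write (WRITE) access.
// Bucket policies can also make a bucket public; they are not examined here.
func PublicGrants(aclJSON []byte) ([]string, error) {
	var a acl
	if err := json.Unmarshal(aclJSON, &a); err != nil {
		return nil, fmt.Errorf("parse ACL: %w", err)
	}
	var findings []string
	for _, g := range a.Grants {
		group := strings.TrimPrefix(g.Grantee.URI, groupPrefix)
		if group == g.Grantee.URI || (group != "AllUsers" && group != "AuthenticatedUsers") {
			continue // canonical users and the log-delivery group are not public
		}
		switch g.Permission {
		case "READ":
			findings = append(findings, group+": list")
		case "WRITE":
			findings = append(findings, group+": write")
		case "FULL_CONTROL":
			findings = append(findings, group+": list", group+": write")
		}
	}
	return findings, nil
}

// Constructed sample ACL: owner full control plus a public READ grant.
const sampleACL = `{"Owner":{"ID":"example-owner-id"},"Grants":[
 {"Grantee":{"Type":"CanonicalUser","ID":"example-owner-id"},"Permission":"FULL_CONTROL"},
 {"Grantee":{"Type":"Group","URI":"http://acs.amazonaws.com/groups/global/AllUsers"},"Permission":"READ"}]}`

func main() {
	findings, err := PublicGrants([]byte(sampleACL))
	fmt.Println(findings, err)
}
```

An empty result means no public ACL grant was found; it does not rule out access granted through a bucket policy.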

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, e.g.:
www.domain.com
mail.domain.com
dev.domain.com

The test file (-f) is a file that the tool will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?

The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD, and the results are permuted using the supplied permutation wordlist (-m).

Be sure not to set the number of threads (-t) too high, as AWS has API rate limiting that will kick in and start giving an undesired return code.
