When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.
What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.
The following information about every bucket found to exist will be returned:
- List Permission
- Write Permission
- Region the Bucket exists in
- If the bucket has all access disabled
Installation
go get -u github.com/glen-mac/goGetBucketUsage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)-i) of subdomains for a root domain I am interested in. E.G:www.domain.com
mail.domain.com
dev.domain.com-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?The keyword list (
-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).Be sure not to increase the threads too high (
-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.- Free Pentest Tools For Windows
- Game Hacking
- Tools Used For Hacking
- What Is Hacking Tools
- Android Hack Tools Github
- Hack Tools For Pc
- Growth Hacker Tools
- Hack Tool Apk
- Computer Hacker
- Hacker Tools Linux
- What Is Hacking Tools
- Nsa Hacker Tools
- Best Pentesting Tools 2018
- Hacking Tools Mac
- Hacking Tools For Kali Linux
- Hacking Tools For Mac
- Hack Tools Mac
- Hacking App
- Pentest Automation Tools
- Hacking Tools For Games
- Hacker Tools Software
- Hacker Tools Free
- Hack Tool Apk
- Physical Pentest Tools
- Computer Hacker
- Hacking Tools For Kali Linux
- Hackers Toolbox
- Tools Used For Hacking
- Game Hacking
- Hack Tools 2019
- Hack Website Online Tool
- Beginner Hacker Tools
- Best Hacking Tools 2019
- Physical Pentest Tools
- New Hack Tools
- Top Pentest Tools
- Hack Tools For Pc
- How To Hack
- Wifi Hacker Tools For Windows
- Pentest Tools Free
- Hacker Tools Github
- Hacking Tools 2019
- Hacker Tool Kit
- Hacks And Tools
- Best Hacking Tools 2019
- Hacker Tools For Mac
- Hack Tools For Games
- Pentest Tools Open Source
- Hacking Tools Github
- Hacker
- Hacker Tools For Windows
- Hacking Tools Kit
- Hacker Tools 2020
- Android Hack Tools Github
- Hacking Tools For Windows 7
- Hack Tools 2019
- Hacking Tools For Games
- Hacker Tools Free
- Pentest Tools Website
- Hacking Tools Mac
- Pentest Tools Online
- Android Hack Tools Github
- Pentest Tools Website
- Pentest Tools Open Source
- What Are Hacking Tools
- Hack Tools Github
- Hacking Tools Software
- Best Hacking Tools 2020
- Black Hat Hacker Tools
- Pentest Tools Bluekeep
- Hack Tools Github
- Hacker Tools 2020
- Hacker Techniques Tools And Incident Handling
- Easy Hack Tools
- Hacking Tools Name
- Github Hacking Tools
- Termux Hacking Tools 2019
- Hack Tool Apk
- Pentest Tools Alternative
- Hacking Tools For Games
- How To Install Pentest Tools In Ubuntu
- Hack Rom Tools
- What Are Hacking Tools
- New Hack Tools
No hay comentarios:
Publicar un comentario
Nota: solo los miembros de este blog pueden publicar comentarios.