Thursday, August 27, 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled
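
The same list and write exposure can be checked from the owner's side. The following is an added example, not part of goGetBucket or the original post: it reads the JSON returned by `aws s3api get-bucket-acl` for a bucket you own and reports grants to the two predefined public groups. The sample ACL is constructed, the function and constant names are hypothetical, and only ACL grants are examined (bucket policies and Block Public Access settings are out of scope).

```python
import json

# Predefined S3 grantee groups that reach beyond the owning account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

# Bucket-level ACL permissions mapped to the exposure they create.
# READ on a bucket allows listing its objects; WRITE allows creating,
# overwriting and deleting objects; WRITE_ACP allows rewriting the ACL itself.
EXPOSURE = {
    "READ": {"list"},
    "WRITE": {"write"},
    "WRITE_ACP": {"change-acl"},
    "FULL_CONTROL": {"list", "write", "change-acl"},
}


def audit_acl(acl):
    """Return {audience: sorted exposures} for grants made to public groups."""
    findings = {}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or audience is None:
            continue  # grant to a specific account or user, not a public group
        exposed = EXPOSURE.get(grant.get("Permission"), set())
        if exposed:
            findings.setdefault(audience, set()).update(exposed)
    return {who: sorted(perms) for who, perms in findings.items()}


# Constructed sample in the shape returned by `aws s3api get-bucket-acl`.
SAMPLE_ACL = json.loads("""
{"Owner": {"ID": "constructed-owner-id"},
 "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
   "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
   "Permission": "READ"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
   "Permission": "WRITE"}
 ]}
""")

if __name__ == "__main__":
    for who, perms in audit_acl(SAMPLE_ACL).items():
        print(f"exposed to {who}: {', '.join(perms)}")
```

An empty result means the ACL itself grants nothing to the public groups.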

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, e.g.:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permute using the supplied permutation wordlist (-m).
Be sure not to set the number of threads (-t) too high, as AWS has API rate limiting that will kick in and start giving an undesired return code.
