Thursday, 27 August 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing recon on a domain, understanding the assets it owns is very important. AWS S3 bucket permissions have been confused time and time again, and this has allowed sensitive material to be exposed.

This tool enumerates S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled
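To help read these results when auditing buckets you own, the following added example (not goGetBucket's own code) maps the standard S3 REST responses to an anonymous GET on a bucket root onto the states listed above. The names BucketState and Classify and the sample responses are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/http"
)

// BucketState is a name made up for this example, not a goGetBucket type.
type BucketState struct {
	Exists, Listable, AllAccessDisabled bool
	Region                              string
}

// s3Error matches the <Error><Code>...</Code></Error> body S3 sends on failure.
type s3Error struct {
	Code string `xml:"Code"`
}

// Classify interprets an anonymous GET on a bucket's root URL. Write access
// cannot be read from such a response; it needs an authorised PUT test.
func Classify(status int, hdr http.Header, body []byte) BucketState {
	var e s3Error
	_ = xml.Unmarshal(body, &e) // empty or non-error bodies leave Code == ""
	st := BucketState{Region: hdr.Get("x-amz-bucket-region")}
	switch {
	case status == http.StatusNotFound && e.Code == "NoSuchBucket":
		return BucketState{} // name is unclaimed
	case status == http.StatusOK:
		st.Exists, st.Listable = true, true // anyone can list object keys
	case e.Code == "AllAccessDisabled":
		st.Exists, st.AllAccessDisabled = true, true
	case status == http.StatusForbidden || status == http.StatusMovedPermanently:
		st.Exists = true // bucket exists but listing is denied or redirected
	}
	return st
}

func main() {
	// Constructed sample responses, not captured from any real bucket.
	hdr := http.Header{}
	hdr.Set("x-amz-bucket-region", "eu-west-1")
	denied := []byte(`<Error><Code>AccessDenied</Code></Error>`)
	listing := []byte(`<ListBucketResult><Name>example</Name></ListBucketResult>`)
	fmt.Printf("%+v\n", Classify(403, hdr, denied))
	fmt.Printf("%+v\n", Classify(200, hdr, listing))
	fmt.Printf("%+v\n", Classify(404, http.Header{}, []byte(`<Error><Code>NoSuchBucket</Code></Error>`)))
}
```

A bucket that comes back as Listable is the case to fix first: remove the public list grant or enable S3 Block Public Access on it.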

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>

Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)

Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in, for example:

  www.domain.com
  mail.domain.com
  dev.domain.com

The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?

The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permute using the supplied permutation wordlist (-m).

Be sure not to set the number of threads (-t) too high, as AWS API rate limiting will kick in and start giving an undesired return code.
