sábado, 25 de abril de 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

More information


  1. Hacking Microsoft
  2. Hacking Kali Linux
  3. Curso Completo De Hacking Ético
  4. Ingeniería Social El Arte Del Hacking Personal
Publicada por à(s)

Sem comentários:

Enviar um comentário

Subscrever: Enviar feedback (Atom)

Quando eu te falei em amor

Quando os meus olhos te tocaram
Eu senti que encontrara
A outra, metade de mim
Tive medo de acordar
Como se vivesse um sonho
Que não pensei em realizar
E a força do desejo
Faz me chegar perto de ti

Quando eu te falei em amor
Tu sorriste para mim
E o mundo ficou bem melhor
Quando eu te falei em amor
Nos sentimos os dois
Que o amanha vem depois
E não no fim

Estas linhas que hoje escrevo
São do livro da memória
Do que eu sinto por ti
E tudo o que tu me das
É parte da história que eu ainda não vivi
E a força do desejo
Faz me chegar de ti

Quando eu te falei em amor
Tu sorriste para mim
E o mundo ficou bem melhor
Quando eu te falei em amor
Nos sentimos os dois
Que o amanha vem depois e não no fim

André Sardet

Collide

The dawn is breaking
A light shining through
You're barely waking
And I'm tangled up in you
Yeah

But I'm open, you're closed
Where I follow, you'll go
I worry I won't see your face
Light up again

Even the best fall down sometimes
Even the wrong words seem to rhyme
Out of the doubt that fills my mind
I somehow find, you and I collide

I'm quiet, you know
You make a first impression
I've found I'm scared to know
I'm always on your mind

Even the best fall down sometimes
Even the stars refuse to shine
Out of the back you fall in time
I somehow find, you and I collide

Don't stop here
I've lost my place
I'm close behind

Even the best fall down sometimes
Even the wrong words seem to rhyme
Out of the doubt that fills your mind

You finally find, you and I collide
You finally find You and I collide
You finally findYou and I collide

Howie Day


Everything

You're a falling star, You're the get away
car.
You're the line in the sand when I go too
far.
You're the swimming pool, on an August day.
And You're the perfect thing to see.

And you play it coy, but it's kinda cute.
Ah, When you smile at me you know exactly what you
do.
Baby don't pretend, that you don't know it's
true.
Cause you can see it when I look at you.

And in this crazy life, and through these crazy
times
It's you, it's you, You make me sing.
You're every line, you're every word, you're
everything.

You're a carousel, you're a wishing well,
And you light me up, when you ring my bell.
You're a mystery, you're from outer space,
You're every minute of my everyday.

And I can't believe, uh that I'm your man,
And I get to kiss you baby just because I
can.
Whatever comes our way, ah we'll see it
through,
And you know that's what our love can do.

And in this crazy life, and through these crazy
times
It's you, it's you, You make me sing
You're every line, you're every word, you're
everything.

So, La, La, La, La, La, La, La
So, La, La, La, La, La, La, La

And in this crazy life, and through these crazy
times
It's you, it's you, You make me sing.
You're every line, you're every word, you're
everything.
You're every song, and I sing along.
Cause you're my everything.
yeah, yeah

So, La, La, La, La, La, La, La
So, La, La, La, La, La, La, La

Michael Bublé