{"id":13799183,"url":"https://github.com/glen-mac/goGetBucket","last_synced_at":"2025-05-13T06:32:37.196Z","repository":{"id":52912817,"uuid":"96290868","full_name":"glen-mac/goGetBucket","owner":"glen-mac","description":"A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.","archived":false,"fork":false,"pushed_at":"2019-03-29T02:08:45.000Z","size":36,"stargazers_count":110,"open_issues_count":0,"forks_count":38,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-08-04T00:03:45.839Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/glen-mac.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-05T07:37:31.000Z","updated_at":"2024-05-12T23:41:46.000Z","dependencies_parsed_at":"2022-08-29T00:41:01.900Z","dependency_job_id":null,"html_url":"https://github.com/glen-mac/goGetBucket","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glen-mac%2FgoGetBucket","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glen-mac%2FgoGetBucket/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glen-mac%2FgoGetBucket/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/glen-mac%2FgoGetBucket/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/glen-mac","download_url":"https://codeload.github.com/glen-mac/goGetBucket/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225183828,"owners_count":17434194,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T00:00:59.589Z","updated_at":"2024-11-18T13:32:02.107Z","avatar_url":"https://github.com/glen-mac.png","language":"Go","funding_links":[],"categories":["Go","Bucket Enumeration Tools"],"sub_categories":[],"readme":"# goGetBucket - AWS S3 Bucket discovery through alterations and permutations\n\n\u003e Warning: code is horrible as I have only used this for personal use. When I get the time I will make it less-horrible (and faster).\n\nWhen performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.\n\nWhat this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within [AltDNS](https://github.com/infosec-au/altdns).\n\nThe following information about every bucket found to exist will be returned:\n- List Permission\n- Write Permission\n- Region the Bucket exists in\n- If the bucket has all access disabled\n\n# Installation\n\n```\ngo get -u github.com/glen-mac/goGetBucket\n```\n\n# Usage\n\n`goGetBucket -m ~/tools/altdns/words.txt -d \u003cdomain\u003e -o \u003coutput\u003e -i \u003cwordlist\u003e`\n\n\n```\nUsage of ./goGetBucket:\n  -d string\n        Supplied domain name (used with mutation flag)\n  -f string\n        Path to a testfile (default \"/tmp/test.file\")\n  -i string\n        Path to input wordlist to enumerate\n  -k string\n        Keyword list (used with mutation flag)\n  -m string\n        Path to mutation wordlist (requires domain flag)\n  -o string\n        Path to output file to store log\n  -t int\n        Number of concurrent threads (default 100)\n```\n\nThroughout my use of the tool, I have produced the best results when I feed in a list (`-i`) of subdomains for a root domain I am interested in. E.G:\n```\nwww.domain.com\nmail.domain.com\ndev.domain.com\n```\n\nThe test file (`-f`) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?\n\nThe keyword list (`-k`) is concatenated with the root domain name (`-d`) and the domain without the TLD to permutate using the supplied permuation wordlist (`-m`).\n\nBe sure not to increase the threads too high (`-t`) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.\n\n# Screenshot\n\n\u003cimg src=\"https://i.imgur.com/ZeM5tzV.png\"\u003e\n\n# To-Do\n\n- Write better GoLang\n- Use net/http instead of the aws service libraries for go\n- Optimize the region checking\n- Optimize use of channels / passed structs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglen-mac%2FgoGetBucket","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglen-mac%2FgoGetBucket","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglen-mac%2FgoGetBucket/lists"}