Sandcastle – A Python Script For AWS S3 Bucket Enumeration

[*] Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below: -training-bucket-dev-attachments-photos-elasticsearch[…] GettingRead More

S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters

s3enum is a tool to enumerate a target’s Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don’t hit AWS directly.It was originally built back in 2016 to target GitHub.Installation BinariesFind the binaries on the Releases page. Go go get github.com/koenrh/s3enum UsageYou need to specify the base nameRead More

X