hacktricks/network-services-pentesting/pentesting-web/buckets/README.md

# Buckets

<details>

<summary><strong>HackTricks in </strong><a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

- **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.

</details>

[BBOT](https://github.com/blacklanternsecurity/bbot) automates bucket enumeration. Supported cloud providers are: AWS, Google, Azure, DigitalOcean, and Firebase.

Buckets are discovered based on web content and derivatives of discovered DNS names. For example, if your target is `tesla.com` and BBOT discovers a subdomain `www.tesla.com`, it will visit the website and extract bucket names from its HTML content. Additionally, it will try each of the following bucket names:
- `www.tesla.com`
- `www.tesla`
- `www-tesla-com`
- `www-tesla`
- `wwwteslacom`
- `wwwtesla`

For each bucket found, BBOT will check whether it's open (world-readable) and also whether it's vulnerable to [subdomain hijacking](pentesting-web/domain-subdomain-takeover.md). Note that buckets discovered with the `bucket_*` modules are not guaranteed to be owned by the target.

~~~bash
# enumerate buckets for evilcorp.com
bbot -t evilcorp.com -f subdomain-enum cloud-enum

# single cloud provider + permutations (-dev, -test, etc.)
bbot -t evilcorp.com -m bucket_aws -c modules.bucket_aws.permutations=true
~~~

A good tool to review your configuration in several clouds is: [https://github.com/nccgroup/ScoutSuite](https://github.com/nccgroup/ScoutSuite)

[**AWS S3 hacking tricks**](broken-reference)

**More info:**

* [https://www.notsosecure.com/cloud-services-enumeration-aws-azure-and-gcp/](https://www.notsosecure.com/cloud-services-enumeration-aws-azure-and-gcp/)
* [https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/](https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/)
* [https://www.notsosecure.com/identifying-exploiting-leaked-azure-storage-keys/](https://www.notsosecure.com/identifying-exploiting-leaked-azure-storage-keys/)

<details>

<summary><strong>HackTricks in </strong><a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

- **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.

</details>
GitBook: [#3177] No subject 2022-05-04 11:25:25 +00:00			`# Buckets`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

social 2023-03-05 23:16:20 +00:00			`<summary><strong>HackTricks in </strong><a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
hacktricks twitch 2022-12-05 22:29:21 +00:00			`- Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`[BBOT](https://github.com/blacklanternsecurity/bbot) automates bucket enumeration. Supported cloud providers are: AWS, Google, Azure, DigitalOcean, and Firebase.`

			Buckets are discovered based on web content and derivatives of discovered DNS names. For example, if your target is `tesla.com` and BBOT discovers a subdomain `www.tesla.com`, it will visit the website and extract bucket names from its HTML content. Additionally, it will try each of the following bucket names:
			- `www.tesla.com`
			- `www.tesla`
			- `www-tesla-com`
			- `www-tesla`
			- `wwwteslacom`
			- `wwwtesla`

			For each bucket found, BBOT will check whether it's open (world-readable) and also whether it's vulnerable to [subdomain hijacking](pentesting-web/domain-subdomain-takeover.md). Note that buckets discovered with the `bucket_*` modules are not guaranteed to be owned by the target.

			`~~~bash`
			`# enumerate buckets for evilcorp.com`
			`bbot -t evilcorp.com -f subdomain-enum cloud-enum`

			`# single cloud provider + permutations (-dev, -test, etc.)`
			`bbot -t evilcorp.com -m bucket_aws -c modules.bucket_aws.permutations=true`
			`~~~`

GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`A good tool to review your configuration in several clouds is: [https://github.com/nccgroup/ScoutSuite](https://github.com/nccgroup/ScoutSuite)`

GitBook: [#3177] No subject 2022-05-04 11:25:25 +00:00			`[AWS S3 hacking tricks](broken-reference)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`More info:`

			`* [https://www.notsosecure.com/cloud-services-enumeration-aws-azure-and-gcp/](https://www.notsosecure.com/cloud-services-enumeration-aws-azure-and-gcp/)`
			`* [https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/](https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/)`
			`* [https://www.notsosecure.com/identifying-exploiting-leaked-azure-storage-keys/](https://www.notsosecure.com/identifying-exploiting-leaked-azure-storage-keys/)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

social 2023-03-05 23:16:20 +00:00			`<summary><strong>HackTricks in </strong><a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
change support text 2022-09-09 11:28:04 +00:00			`- Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
hacktricks twitch 2022-12-05 22:29:21 +00:00			`- Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`