Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 12:43:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/buckets
History
carlospolop 5ec5b67e79 update twitter
2023-04-25 20:35:28 +02:00
..
firebase-database.md update twitter 2023-04-25 20:35:28 +02:00
README.md update twitter 2023-04-25 20:35:28 +02:00

README.md

Buckets

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

You can use BBOT to enumerate storage buckets. Supported providers are: AWS, Google, Azure, DigitalOcean, and Firebase.

Buckets are discovered from web content and enumerated based on derivatives of discovered DNS names. For example, if your target is tesla.com and BBOT discovers a subdomain www.tesla.com, it will visit the website and extract bucket names from its HTML content. Additionally, it will try each of the following bucket names:

  • www.tesla.com
  • www.tesla
  • www-tesla-com
  • www-tesla
  • wwwteslacom
  • wwwtesla

For each bucket found, BBOT will check whether it's open (world-readable) and also whether it's vulnerable to subdomain takeover. Note that buckets discovered with the bucket_* modules are not guaranteed to be owned by the target.

# enumerate buckets for evilcorp.com
bbot -t evilcorp.com -f subdomain-enum cloud-enum

# single cloud provider + permutations (-dev, -test, etc.)
bbot -t evilcorp.com -m bucket_aws -c modules.bucket_aws.permutations=true

A good tool to review your configuration in several clouds is: https://github.com/nccgroup/ScoutSuite

AWS S3 hacking tricks

More info:

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥