Hostnames S3 Bucket Finder

Exposed cloud resources like storage buckets might contain important information no one should see. If these resources aren't properly protected, someone who shouldn't have access could get their hands on sensitive data, like passwords or personal information. This could lead to problems like data breaches or identity theft. \ \ This workflow finds your buckets based on the hostnames provided by using permutations and brute-forcing the bucket names.

Complexity: basic

Category: Attack Surface Management

Workflow

Tools

Setup

You can set up this workflow by changing following input value:

TARGETS - provide a file containing hostnames list, as a target

Hostnames S3 Bucket Finder Workflow Targets Setup — Workflow Targets Setup

Execution and results

After setup workflow is ready to be executed. Once workflow's last node, get-buckets script, is finished result can be viewed and downloaded.

get-buckets script will contain all of the found buckets based on the hostnames provided.

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow

Brute-force through #batch-output
Add arbitrary credentials to check for bucket permissions
Download exposed files and directories on buckets found
Use notify to send message for newly found misconfigured buckets

IT Asset Discovery's Role in Enhancing Cybersecurity Measures