Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Stars: ✭ 182 (-82.17%)

Mutual labels: penetration-testing, enumeration, bugbounty

Sonarsearch

A MongoDB importer and API for Project Sonars DNS datasets

Stars: ✭ 297 (-70.91%)

Mutual labels: penetration-testing, enumeration, bugbounty

Nosqlmap

Automated NoSQL database enumeration and web application exploitation tool.

Stars: ✭ 1,928 (+88.83%)

Mutual labels: penetration-testing, enumeration, bugbounty

Reconky-Automated Bash Script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Stars: ✭ 167 (-83.64%)

Mutual labels: enumeration, penetration-testing, bugbounty

Interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Stars: ✭ 760 (-25.56%)

Mutual labels: penetration-testing, enumeration, bugbounty

Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Stars: ✭ 3,391 (+232.13%)

Mutual labels: penetration-testing, bugbounty

Ctf Notes

Everything needed for doing CTFs

Stars: ✭ 304 (-70.23%)

Mutual labels: penetration-testing, enumeration

A Red Teamer Diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Stars: ✭ 382 (-62.59%)

Mutual labels: penetration-testing, enumeration

YAPS

Yet Another PHP Shell - The most complete PHP reverse shell

Stars: ✭ 35 (-96.57%)

Mutual labels: penetration-testing, bugbounty

Hosthunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Stars: ✭ 427 (-58.18%)

Mutual labels: penetration-testing, bugbounty

Domained

Multi Tool Subdomain Enumeration

Stars: ✭ 688 (-32.62%)

Mutual labels: enumeration, bugbounty

Cloudbrute

Awesome cloud enumerator

Stars: ✭ 268 (-73.75%)

Mutual labels: s3-bucket, bugbounty

Writeups

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Stars: ✭ 61 (-94.03%)

Mutual labels: enumeration, penetration-testing

PandorasBox

Security tool to quickly audit Public Box files and folders.

Stars: ✭ 56 (-94.52%)

Mutual labels: penetration-testing, bugbounty

Rapidscan

🆕 The Multi-Tool Web Vulnerability Scanner.

Stars: ✭ 775 (-24.09%)

Mutual labels: penetration-testing, enumeration

Vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Stars: ✭ 767 (-24.88%)

Mutual labels: penetration-testing, bugbounty

Subdomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Stars: ✭ 915 (-10.38%)

Mutual labels: s3-bucket, bugbounty

Payloads

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Stars: ✭ 421 (-58.77%)

Mutual labels: penetration-testing, bugbounty

View All Similar Projects ➔

AWSBucketDump

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.

@ok_bye_now

Pre-Requisites

Non-Standard Python Libraries:

xmltodict
requests
argparse

Created with Python 3.6

Install with virtualenv

source venv/bin/activate
pip install -r requirements.txt

General

This is a tool that enumerates Amazon S3 buckets and looks for interesting files.

I have example wordlists but I haven't put much time into refining them.

https://github.com/danielmiessler/SecLists will have all the word lists you need. If you are targeting a specific company, you will likely want to use jhaddix's enumall tool which leverages recon-ng and Alt-DNS.

https://github.com/jhaddix/domain && https://github.com/infosec-au/altdns

As far as word lists for grepping interesting files, that is completely up to you. The one I provided has some basics and yes, those word lists are based on files that I personally have found with this tool.

Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool. Keep in mind that it is in bytes.

I honestly don't know if Amazon rate limits this, I am guessing they do to some point but I haven't gotten around to figuring out what that limit is. By default there are two threads for checking buckets and two buckets for downloading.

After building this tool, I did find an interesting article from Rapid7 regarding this research.

Usage:

usage: AWSBucketDump.py [-h] [-D] [-t THREADS] -l HOSTLIST [-g GREPWORDS] [-m MAXSIZE]

optional arguments:
  -h, --help    show this help message and exit
  -D            Download files. This requires significant diskspace
  -d            If set to 1 or True, create directories for each host w/ results
  -t THREADS    number of threads
  -l HOSTLIST
  -g GREPWORDS  Provide a wordlist to grep for
  -m MAXSIZE    Maximum file size to download.

 python AWSBucketDump.py -l BucketNames.txt -g interesting_Keywords.txt -D -m 500000 -d 1

Contributors

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 1,021

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (4) 🔗