BuQuikker: find poorly configured AWS buckets
The BuQuikker
This project is intended to show how easy it is to find poorly configured AWS buckets. This project is built on top of bucketeer. It should make the life of a bug-bounty hunter much easier.
The user needs to provide a word list, and each word in the list will be used in combination with the teh_s3_bucketeers script.
Whenever the script finds an open bucket, the teh_s3_bucketeers script will write it into result-<name-of-searchword>.txt
The “BuQuikker” project supports multithreading for faster results and is compatible with Windows.
Installation
Requirement: Python3
apt install awscli
Clone the repo
git clone https://github.com/Quikko/BuQuikker.git
Credentials
Now you have to configure your AWS keys.
Follow this documentation to see how you can get your AWS keys.
aws configure
When prompted for the aws_access_key_id and aws_secret_access_key, enter the keys you obtained.
You can also do it manually:
mkdir ~/.aws
Then edit/create a credentials file:
nano ~/.aws/credentials
Put your AWS secret access key and AWS access key ID in the file like this:
[default]
aws_secret_access_key = XXXXXXX
aws_access_key_id = XXXXXX
Usage
To start the script, make sure you have a “target list”.
You can use testlist.txt to try it out quickly.
python3 BuQuikker.py -l testlist.txt
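For bucket owners: one common reason a bucket shows up as open is an ACL grant to one of S3's predefined public groups. The following is an added example, not part of BuQuikker or bucketeer; it checks the JSON returned by `aws s3api get-bucket-acl` and `aws s3api get-public-access-block` for your own bucket, and the function name and sample data are constructed for illustration.

```python
import json

# Predefined S3 grantee groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def audit_bucket_acl(acl, public_access_block=None):
    """Return (grantee, permission) pairs that expose the bucket.

    acl: parsed output of `aws s3api get-bucket-acl`.
    public_access_block: parsed output of `aws s3api get-public-access-block`,
    or None when the bucket has no such configuration.
    (Hypothetical helper name; not part of any AWS SDK.)
    """
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    if pab.get("IgnorePublicAcls"):
        return []  # S3 ignores public ACL grants on this bucket
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and who:
            findings.append((who, grant.get("Permission")))
    return findings

# Constructed sample, shaped like `aws s3api get-bucket-acl` output.
SAMPLE_ACL = json.loads("""
{"Owner": {"ID": "example-owner-id"},
 "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
   "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
   "Permission": "READ"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
   "Permission": "WRITE"}
 ]}
""")
# Constructed sample: a bucket with public ACLs neutralised.
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {"IgnorePublicAcls": True}}

if __name__ == "__main__":
    for who, perm in audit_bucket_acl(SAMPLE_ACL):
        print(f"exposed: {perm} granted to {who}")
```

This covers ACL grants only; a bucket policy with a wildcard principal can also expose a bucket and needs a separate review.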
Source: https://github.com/Quikko/