mass3: Quickly enumerate through a pre-compiled list of AWS S3 buckets
mass3
Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading. Warning: Be aware that this is really shitty golang code.
Install
go get -u github.com/smiegles/mass3
Use
mass3 -w ./lists/buckets.txt -r ./lists/resolvers.txt -t 100
| argument | explanation |
|---|---|
| -w | The wordlist with all the pre-compiled S3 buckets (bucketname.s3.amazonaws.com) |
| -r | List with all the resolvers |
| -t | The amount of threads to use, 10 is default |
Questions & Answers
Q: Why not generate all the “potential” s3 bucket names in the tool?
A: This tool doesn’t know the recon you’ve already collected, for example, subdomains. When you have a huge list of subdomains you can run alt-dns over it and try to find other S3 buckets that might not have a DNS record configured (yet).
Q: The tool returns weird non-existing buckets
A: The tool relies on the lists/resolvers.txt file to be accurate without any “bad” resolvers. You can use fresh.sh to clean up the list of resolvers.
Q: How many threads should I use?
A: Depends on your resources, I personally use 500 threads which seems to work fine for me.
Copyright (c) 2018 Olivier beg
Source: https://github.com/smiegles/
