Abstract
Thousands of S3 buckets are left exposed over the internet, making it a prime target for malicious actors who may extract sensitive information from the files in these buckets that can be associated with an individual or an organisation. There is limited research or tooling available that leverages such S3 buckets for looking up secret exposures and searching specific keywords or regular expression patterns within textual files.
BucketLoot is an automated S3 Bucket Inspector that can simultaneously scan all the textual files present within an exposed S3 bucket from platforms such as AWS, DigitalOcean etc.
It scans the exposed textual files for:
- Secret Exposures
- Assets (URLs, Domains, Subdomains)
- Specific keywords | Regex Patterns (provided by the user)
The end user can even search for string based keywords or provide custom regular expression patterns that can be matched with the contents of these exposed textual files.
All of this makes BucketLoot a great recon tool for bug hunters as well as professional pentesters.
The tool allows users to save the output in a JSON format which makes it easier to pass the results as an input to some third-party product or platform.