S3enum is a tool to enumerate a target’s Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don’t hit AWS directly.
go get github.com/koenrh/s3enum
You need to specify the base name of the target (e.g. hackerone), and a word list. You could either use the example wordlist.txt file from this repository, or get a word list elsewhere. Optionally, you could specify the number of threads (defaults to 10).
$ s3enum --wordlist examples/wordlist.txt --suffixlist examples/suffixlist.txt --threads 10 hackerone
s3enum will use the name server as specified in /etc/resolv.conf. Alternatively, you could specify a different name server using the --nameserver option. Besides, you could test multiple names at the same time.
$ s3enum \
  --wordlist examples/wordlist.txt \
  --suffixlist examples/suffixlist.txt \
  --nameserver 18.104.22.168 \
  hackerone h1 roflcopter