This is a simple yet powerful Bash script designed for bug bounty hunters and security researchers. The tool takes a list of subdomains as input and a keyword, then generates various permutations that can be used to identify cloud storage buckets across different cloud providers (AWS S3, Google Cloud Storage, DigitalOcean Spaces, etc.).
β
Reads subdomains from a file π
β
Takes a keyword as input π
β
Generates different permutations to aid in bucket discovery ποΈ
β
Saves the output in a text file for further use π
β
Helps in identifying misconfigured cloud storage buckets π
1οΈβ£ Clone the repository
git clone https://github.com/povzayd/bucketgen.git
cd bucketgen2οΈβ£ Make the script executable
chmod +x bucketgen.sh3οΈβ£ Run the script
./bucketgen.sh4οΈβ£ Provide Inputs
- Enter the path to your subdomain file (e.g.,
subdomains.txt) - Enter the keyword to be used for permutations (e.g.,
backup,test,storage)
5οΈβ£ Check the output file
- The output will be saved in a file named
<keyword>.txt - Use this file to search for potential misconfigured cloud storage buckets
example
myapp
company
storage
storage-example
storage_example
example-storage
example_storage
storage-myapp
storage_myapp
myapp-storage
myapp_storage
storage-company
storage_company
company-storage
company_storage
- Use the output file to brute-force cloud storage services
- Try different keywords (e.g.,
test,dev,backup,logs) - Use tools like
ffuforgauto find exposed bucket URLs
This tool is intended for educational and ethical security testing purposes only. Unauthorized access to data or systems you do not own is illegal. Always obtain proper permission before conducting security research.
Happy Hacking! ππ»