Bucket Stream


Tool and Usage

Project details
License: MIT
Programming language: Python
Author: Paul Price
Latest release: No release found

Project health

64
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Bucket Stream can be used to discover AWS S3 buckets. This tool may be helpful during reconnaissance and security assessments. As it does not include active scanning on the target itself, it is a passive way of finding information. This is a huge benefit, as you don't have to guess or brute-force the names.

How it works

Bucket Stream uses the Certificate Transparency Log (CTL) to find new certificates. It uses CertStream for the input of available certificates. The tool analyzes the entries it receives and shows the AWS S3 buckets.

Usage and audience

Bucket Stream is commonly used for discovery of sensitive information, information leak detection, penetration testing, or reconnaissance. Target users for this tool are pentesters and security professionals.

Features

  • Command line interface

Example usage and output

It is highly recommended to enter AWS keys in config.yaml otherwise you will be severely rate limited! You might want to run with --ignore-rate-limiting
No AWS keys, reducing threads to 5 to help with rate limiting.
Waiting for Certstream events - this could take a few minutes to queue up...
140 buckets checked (28b/s), 0 buckets found
252 buckets checked (22b/s), 0 buckets found
369 buckets checked (23b/s), 0 buckets found
486 buckets checked (23b/s), 0 buckets found
600 buckets checked (23b/s), 0 buckets found
711 buckets checked (22b/s), 0 buckets found
820 buckets checked (22b/s), 0 buckets found
933 buckets checked (23b/s), 0 buckets found
1045 buckets checked (22b/s), 0 buckets found
1161 buckets checked (23b/s), 0 buckets found
1268 buckets checked (21b/s), 0 buckets found
1361 buckets checked (19b/s), 0 buckets found
1478 buckets checked (23b/s), 0 buckets found
1595 buckets checked (23b/s), 0 buckets found
1700 buckets checked (21b/s), 0 buckets found
1811 buckets checked (22b/s), 0 buckets found
1924 buckets checked (23b/s), 0 buckets found
2038 buckets checked (23b/s), 0 buckets found
2152 buckets checked (23b/s), 0 buckets found
Found bucket 'http://example.s3.us-east-2.amazonaws.com/'
2270 buckets checked (24b/s), 1 buckets found
2387 buckets checked (23b/s), 1 buckets found
2502 buckets checked (23b/s), 1 buckets found
2613 buckets checked (22b/s), 1 buckets found

Bucket Stream discovered an S3 bucket

usage: python bucket-stream.py

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

optional arguments:
  -h, --help            show this help message and exit
  --only-interesting    Only log 'interesting' buckets whose contents match
                        anything within keywords.txt (default: False)
  --skip-lets-encrypt   Skip certs (and thus listed domains) issued by Let's
                        Encrypt CA (default: False)
  -t , --threads        Number of threads to spawn. More threads = more power.
                        Limited to 5 threads if unauthenticated. (default: 20)
  --ignore-rate-limiting
                        If you ignore rate limits not all buckets will be
                        checked (default: False)
  -l, --log             Log found buckets to a file buckets.log (default:
                        False)

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + Tool is easy to use
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Author and Maintainers

Bucket Stream is under development by Paul Price.

Installation

Supported operating systems

Bucket Stream is known to work on Linux.

Bucket Stream alternatives

Similar tools to Bucket Stream:

74

Bucket Finder

Bucket Finder is one of the available security tools to discover AWS S3 buckets. Read the review and how it works.

64

BuQuikker

BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

56

inSp3ctor

The inSp3ctor tool helps to find S3 buckets and objects on Amazon's AWS platform. Read the review and see how it works.


Related tool information

Categories

This tool is categorized as an Amazon S3 bucket scanner and password sniffing tool.