Alsalamoalaykom my brothers
thanks for the great tool, it helped me to find 2 open buckets which i reported and many other duplicates
when i used the tool multiple times at the same target i noticed the following:
the tool didn't give the same results at every time , actually the most of results are different
so after analyzing the code i noticed the following
result=$(curl -m 5 -s -X 'GET' -o/dev/null -w '%{http_code}' -I http://${bucket_name}.s3.amazonaws.com/?max-keys=1)
in this line the tool requesting the site bucketname.s3.amazonaws.com
if [[ ${result} == "403" ]]; then
if the result status code is 403 it continue to the next block
the problem here is that some buckets when requested it result in 404 status code , yet still exist (i don't know why but this is what is happening-you can try it with burpsuite)
so the tools missing a lot of open buckets at the time of execution
I updated the code to the following:
if [[ ${result} == "403" || ${result} == "404" ]]; then sudo aws s3 ls s3://${bucket_name} &> aws.txt;
here i added the response code 404 and save the output of listing files in aws.txt
and
if [[ $? == 0 ]]; then echo "[${GREEN}FOUND${NORMAL}] https://${bucket_name}.s3.amazonaws.com"; echo "https://${bucket_name}.s3.amazonaws.com" >> ${RESULT_FILE} else cat aws.txt | grep -E -q "AccessDenied|AllAccessDisabled"; if [[ $? == 0 ]]; then echo "[${RED}FOUND${NORMAL}] https://${bucket_name}.s3.amazonaws.com"; fi fi
if the execution code of ls was not 0 (255 for both access denied and no such bucket)
if the response of listing bucket which we save in aws.txt contain AccessDenied or AllAccessDisabled (status code of grep become 0), this means the bucket exists so it print it
the modifications is straight and should work well, however it give me alot of false positives i think because of the multi threading
I hope you see this issue soon and update the tool so that it contains all existing buckets.
Best regards,
Ahmed.

Hi @tomdev,

First, just wanted to say great work with Bucketeers. I've decided to cease development of my Sandcastle tool; please feel free to incorporate the extended bucket prefix list from the project (some are already present in common-bucket-prefixes.txt). A de-duplicated version can be found below:

https://gist.github.com/yasinS/9e77cecd2fe8b275006f0436c6443a13

Thanks!

sorry for this mistake

Inform the user when the required credentials are not configured.

when I run script it just give me one result and do not do anything else as below

./bucketeer.sh momo

  _       _            _____   _                _        _                 
 | |     | |          |____ | | |              | |      | |                
 | |_ ___| |__    ___     / / | |__  _   _  ___| | _____| |_ ___  ___ _ __ 
 | __/ _ \ '_ \  / __|    \ \ | '_ \| | | |/ __| |/ / _ \ __/ _ \/ _ \ '__|
 | ||  __/ | | | \__ \.___/ / | |_) | |_| | (__|   <  __/ ||  __/  __/ |   
  \__\___|_| |_| |___/\____/  |_.__/ \__,_|\___|_|\_\___|\__\___|\___|_|   

[FOUND] https://momo.s3.amazonaws.com