BucketLoot: Automated S3-Compatible Bucket Inspector

Introducing BucketLoot, a newly launched automated S3-compatible bucket inspector designed to bolster cybersecurity measures.

This tool can extract assets, flag secret exposures, and search for custom keywords or regular expressions in publicly exposed storage buckets by scanning plaintext data files.

Details of the Tool

BucketLoot, accessible via GitHub, can scan storage buckets deployed across various platforms, including Amazon Web Services (AWS), Google Cloud Storage (GCS), DigitalOcean Spaces, and even custom domains or URLs linked to these platforms.

It presents its findings in a user-friendly JSON format, allowing users to parse the output as needed or forward it to other tools for further analysis.

Key features of BucketLoot include:

  • Scanning for secret exposures
  • Extracting assets such as URLs, subdomains, and domains
  • Searching for custom keywords or regex queries

BucketLoot operates in guest mode by default, so it doesn't require any API tokens or access keys to initiate a scan. It is capable of scraping up to 1000 files returned in an XML response. For more comprehensive scans, users can provide platform credentials.
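To see what such an anonymous XML listing reveals about a bucket you own, the following added example (not BucketLoot's code) parses a constructed S3-style `ListBucketResult` document offline, lists the plaintext candidates, and reports `IsTruncated`, the flag S3 sets when a bucket holds more keys than the up to 1000 returned in a single response. The bucket name, keys and extension list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an S3-style ListBucketResult document (not real data).
SAMPLE_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-audit-bucket</Name>
  <MaxKeys>1000</MaxKeys>
  <IsTruncated>true</IsTruncated>
  <Contents><Key>static/app.js</Key><Size>48211</Size></Contents>
  <Contents><Key>backups/.env</Key><Size>312</Size></Contents>
  <Contents><Key>img/logo.png</Key><Size>9120</Size></Contents>
  <Contents><Key>export/users.csv</Key><Size>0</Size></Contents>
</ListBucketResult>"""

# Assumed set of plaintext extensions worth reviewing; adjust for your data.
TEXT_EXTENSIONS = {".js", ".json", ".env", ".csv", ".txt", ".xml", ".yml", ".yaml"}


def local(tag):
    """Strip the XML namespace so S3-compatible variants parse the same way."""
    return tag.rsplit("}", 1)[-1]


def summarize_listing(xml_text):
    """Return what an anonymous listing response reveals about a bucket."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "ListBucketResult":
        # An access-denied reply has an <Error> root: listing is not public.
        raise ValueError("not a bucket listing: " + local(root.tag))
    fields = {local(c.tag): (c.text or "") for c in root if local(c.tag) != "Contents"}
    keys, text_keys = [], []
    for entry in root:
        if local(entry.tag) != "Contents":
            continue
        item = {local(c.tag): (c.text or "") for c in entry}
        key = item.get("Key", "")
        keys.append(key)
        ext = "." + key.rsplit(".", 1)[-1].lower() if "." in key else ""
        # Empty objects hold nothing to scan, so skip them.
        if ext in TEXT_EXTENSIONS and int(item.get("Size") or 0) > 0:
            text_keys.append(key)
    return {
        "bucket": fields.get("Name", ""),
        "listed": len(keys),
        "truncated": fields.get("IsTruncated", "").lower() == "true",
        "plaintext_candidates": text_keys,
    }


if __name__ == "__main__":
    print(summarize_listing(SAMPLE_LISTING))
```

A `truncated` value of `True` means the single response did not cover the whole bucket, so a clean result from one page of keys says nothing about the rest.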

BucketLoot at Black Hat USA 2023

BucketLoot was recently showcased at the esteemed Black Hat USA 2023 cybersecurity conference. More information can be found on the official event page.

  • Download the tool from GitHub
Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolstering digital defenses and promoting cyber awareness.
