Sam the-xentropy

the-xentropy / gist:05ab1c5efd7ae7651b14e0fb85c6312c
Created January 6, 2020 19:19
Use wfuzz or ffuf to enumerate s3
Ffuf (faster):
ffuf -u "https://s3.REGION.amazonaws.com/COMPANYDELIMITERENVIRONMENT" -w "aws-regions.txt:REGION" -w "company.txt:COMPANY" -w "delimiters.txt:DELIMITER" -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:ENVIRONMENT" -mc 200 -v
Wfuzz:
wfuzz -u "https://s3.FUZZ.amazonaws.com/FUZ2ZFUZ3ZFUZ4Z" -w aws-regions.txt -w company.txt -w delimiters.txt -w "/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt" --sc 200 -v -t 50
The files:

Keybase proof

I hereby claim:

  • I am the-xentropy on github.
  • I am xentropy (https://keybase.io/xentropy) on keybase.
  • I have a public key ASDjQpSquUBHcUw87ugjWxYKELEA5Vhq3fnF16gvzrSp6Ao

To claim this, I am signing this object: