Day 20, Web Reconnaissance Or Information Gathering — Part 5 #100DaysofHacking

Ayush Verma
Published in InfoSec Write-ups
3 min read · Feb 1, 2022


Get all the writeups from Day 1 to 19: Click Here or Click Here.

In our previous blogs, we learned how to spider a website. Spidering helps us find the various files and directories that are available on that particular website.

Let’s talk about some other techniques:

Third-Party Hosting

Some websites host files or images on third-party hosting services such as Amazon S3 (Simple Storage Service) buckets. Organizations pay to store their files there. Amazon S3 is a service of AWS; you will get to know more about it when you learn cloud computing concepts.

If an organization uses Amazon S3, its buckets may contain hidden files, endpoints, logs, source code, and other information that might be useful for us.

Now the question is how we can find the Amazon S3 buckets of a company that uses the service. The first method is Google dorks:

site:s3.amazonaws.com company_name

site:amazonaws.com company_name

Here you can see that we get many results, and there are many files hosted on S3 buckets.

Some companies use custom URLs and remove "s3" or "aws" from the URL, so in that case we can try some other searches:

amazonaws s3 company_name

amazonaws bucket company_name

amazonaws company_name

s3 company_name

Another method to find S3 buckets is an online tool, Grayhat Warfare (https://buckets.grayhatwarfare.com/). It is an online search engine that we can use to find publicly exposed S3 buckets. We can search with keywords related to the target, such as the target name or a project name.

We can also use https://github.com/nahamsec/lazys3 or https://github.com/eth0izzle/bucket-stream.git.

In my opinion, the best method is Google dorking.

Now let’s talk about GitHub recon.

GitHub Recon

GitHub recon means finding an organization’s GitHub repositories and searching them for sensitive data that has been accidentally committed, or for other information that is valuable to us.

We can also use an automated tool, gitrob: https://github.com/michenriksen/gitrob.

To install gitrob, click here.

You can read this blog to learn more about GitHub recon:

Today we will stop here.

Thank you for your time. We will meet in the next one with another writeup on different vulnerabilities.

Happy Learning 📖 and Happy Hacking 💻


Hello everyone, this is Ayush from India. I'm pursuing engineering in computer science and working towards my cybersecurity journey.