Announcing BucketLoot V2!
Our first update ever since the release of BucketLoot V1 during BlackHat USA 2023! Comes with a bunch of new and useful features and major improvements and fixes.What’s new in BucketLoot V2?
🐞 Bug fixes and performance improvements for running the scan at scale seamlessly🔔 Webhook Notifications: Get notified whenever the tool discovers security exposures through webhooks on Discord and Slack using the -notify flag [Requires additional configuration, refer to the tool documentation for more details.]
🛠️ Dig mode: Want to quickly check for misconfigured object storage (bucket) instances in a bunch of non-s3 domains? Use -dig flag to quickly scrape the target domain’s response body, extract URLs and check them for misconfigured buckets.
🚨Sensitive File Checks: BucketLoot now by default also looks for sensitive file names and extensions thus increasing the scan capabilities and unlocking new attack surfaces.
⬆️ Improved Signatures: BucketLoot now supports 80+ unique and improved signatures for scanning secrets and 80+ signatures for sensitive file checks as well
We look forward to our BlackHat MEA presentation tomorrow and cannot wait to hear your feedback. Until then brace yourselves for the next big update!