Skip to content

Releases: redhuntlabs/BucketLoot

V2

13 Nov 14:01
fb589f4
Compare
Choose a tag to compare

Announcing BucketLoot V2!

Our first update ever since the release of BucketLoot V1 during BlackHat USA 2023! Comes with a bunch of new and useful features and major improvements and fixes.

What’s new in BucketLoot V2?

🐞 Bug fixes and performance improvements for running the scan at scale seamlessly
🔔 Webhook Notifications: Get notified whenever the tool discovers security exposures through webhooks on Discord and Slack using the -notify flag [Requires additional configuration, refer to the tool documentation for more details.]
🛠️ Dig mode: Want to quickly check for misconfigured object storage (bucket) instances in a bunch of non-s3 domains? Use -dig flag to quickly scrape the target domain’s response body, extract URLs and check them for misconfigured buckets.
🚨Sensitive File Checks: BucketLoot now by default also looks for sensitive file names and extensions thus increasing the scan capabilities and unlocking new attack surfaces.
⬆️ Improved Signatures: BucketLoot now supports 80+ unique and improved signatures for scanning secrets and 80+ signatures for sensitive file checks as well

We look forward to our BlackHat MEA presentation tomorrow and cannot wait to hear your feedback. Until then brace yourselves for the next big update!

v1

17 Jul 09:35
Compare
Choose a tag to compare
v1

Features

  • Secret Scanning
  • Asset Extraction
  • Searching