$ git blame 1: michenriksen/bucketlist
Hello and welcome. This will be an ongoing series of short posts where I outline the minor commits I make to security-related OSS.
The first tool I contributed to was bucketlist, by Michael Henriksen.
Bucketlist is a Ruby and PostgreSQL backed Amazon Simple Cloud Storage Service enumerator and crawler. It takes a provided wordlist and a built-in list of permutations, and uses them to programmatically generate and check for open S3 buckets.
Bucketlist runs numerous permutations of each wordlist item. Each of these is checked, and all valid buckets are printed to the console, whether they are publicly accessible or private. This results in a huge flood of information to the console, much of which wasn’t always relevant to my use-case.
My goal was to add optional flags to Bucketlist that would allow the operator to specify whether they want information on private buckets printed, and whether they want the wordlist permuted.
For this flag, changes were made to both
Added OptionParser with
Placed console output code for private buckets inside a conditional
This flag was only added to
Code changes involved:
Placing the code to yield the permutations inside a conditional
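The two changes described above, sketched as an added Ruby example (not code from the bucketlist repository). The flag names, the PERMUTATIONS patterns and the Result struct are hypothetical, since the post's own flag names are missing from this page, and the sample results are constructed.

```ruby
require "optparse"

# Hypothetical flag names; both default to the tool's original behaviour
# (print private buckets, permute every wordlist entry).
def parse_options(argv)
  opts = { show_private: true, permute: true }
  OptionParser.new do |o|
    o.banner = "Usage: scan.rb [options]"
    o.on("--[no-]private", "Print private buckets") { |v| opts[:show_private] = v }
    o.on("--[no-]permute", "Permute wordlist entries") { |v| opts[:permute] = v }
  end.parse!(argv)
  opts
end

# Constructed permutation patterns, standing in for the built-in list.
PERMUTATIONS = %w[%s-backup %s-dev backup-%s].freeze

# Yields each word as-is; the permutations are yielded only inside the conditional.
def each_candidate(words, permute:)
  words.each do |word|
    yield word
    next unless permute
    PERMUTATIONS.each { |pattern| yield format(pattern, word) }
  end
end

# Constructed result record: bucket name plus whether it was publicly readable.
Result = Struct.new(:name, :public_read)

# Public buckets are always reported; private ones only when the flag allows it.
def report_lines(results, show_private:)
  results.each_with_object([]) do |r, lines|
    if r.public_read
      lines << "PUBLIC  #{r.name}"
    elsif show_private
      lines << "PRIVATE #{r.name}"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  opts = parse_options(%w[--no-private])           # constructed command line
  names = []
  each_candidate(%w[acme], permute: opts[:permute]) { |c| names << c }
  # Constructed results: pretend only the "-dev" bucket turned out to be public.
  results = names.map { |n| Result.new(n, n.end_with?("-dev")) }
  puts report_lines(results, show_private: opts[:show_private])
end
```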