umair9747 / bucky

An S3 account ID enumeration and bucket discovery tool

100% credibility
Found Mar 20, 2026 at 15 stars.
AI Analysis
Go
AI Summary

Bucky is a tool that identifies the owning account of an accessible AWS S3 bucket and discovers additional buckets from the same account by testing common naming patterns.

How It Works

1. 🕵️ Spot an open storage bucket

You find a company's publicly viewable online storage bucket and wonder what else they might have.

2. 🔐 Set up safe access permission

In your own cloud account, you create a special permission that lets you peek at that bucket without full access.

3. 📥 Get Bucky ready

You download and prepare Bucky, the handy discovery helper, on your computer with a simple command.

4. 🎯 Start the discovery

You provide Bucky with the known bucket name, your permission details, and a list of common storage names to check.

5. 🔍 Watch it uncover secrets

Bucky figures out the owner's unique identifier step by step, then quickly tests names to reveal more hidden buckets.

See your full list

You get a complete report of the account details, regions, and all discovered storage buckets ready to review.

AI-Generated Review

What is bucky?

Bucky is a Go CLI tool for AWS S3 reconnaissance. Given one accessible bucket, it enumerates the owning 12-digit account ID using IAM session policies with the s3:ResourceAccount condition, then fuzzes wordlists to uncover sibling buckets in the new account-regional namespace, such as name-accountID-region-an. It chains account ID discovery (under 120 API calls) with concurrent bucket hunting across regions, and outputs account details, regions, and hits to the console or as JSON. It handles S3 URIs and multiple targets and auto-detects regions, so no manual guessing is needed.

Why is it gaining traction?

It stands out with a one-shot workflow (bucky --bucket target --wordlist default.txt), subcommands for enum-only or fuzz-only runs, built-in wordlists for common patterns like backups-logs-prod, and environment variable support for credentials and role ARNs. Developers like the progress bars, worker concurrency up to 20+, and JSON exports for chaining into pipelines, which skip the hassle of scripting STS role assumptions or chasing regions. In account enumeration OWASP talks or recon defender scenarios, it's a quick win over generic fuzzers.

Who should use this?

Red teamers and pentesters probing AWS footprints during engagements, bug bounty hunters chasing S3 misconfigurations after finding one leaky bucket, or security auditors mapping account enumeration exposure in client environments. Ideal for those with IAM roles granting target access, targeting orgs slow to adopt regional namespaces.

Verdict

Grab it for niche S3 recon if you need account enumeration firepower: the docs are thorough with IAM setup guides, installation is as simple as go install, and it just works. But with 15 stars and a 1.0% credibility score, it's early days; test in labs first, as its maturity lags behind bigger tools.
