Inspired by a conversation with Instacart's on HackerOne, I've optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.
The script takes a target's name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below:
- training
- bucket
- dev
- attachments
- photos
- elasticsearch