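# gobucket usage examples, one independent command per numbered heading.
# The bucket URLs are placeholders. Regex arguments are single-quoted so the
# shell passes them to gobucket unchanged.

# 1) Default listing (quick reconnaissance)
gobucket https://example-bucket-public.s3.amazonaws.com/

# 2) Folder-only listing
gobucket https://example-bucket-public.s3.amazonaws.com/ --folder-only

# 3) Search for AWS access key IDs
# AKIA = long-term access key ID, ASIA = temporary (STS) key ID. AROA and AIDA
# are IAM role / user unique IDs: useful context, but not credentials, so
# triage those hits separately.
# NOTE(review): key IDs are understood to use A-Z and 2-7 after the prefix, so
# the 0-7 range is slightly wider than needed (a few extra false positives,
# no misses) -- confirm before tightening.
# The results contain whatever was matched; store them like any other secret.
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --regex '((?:ASIA|AKIA|AROA|AIDA)([A-Z0-7]{16}))' \
  --timeout 2m

# 4) Search with a wordlist
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --wordlist ./ioc-terms.txt \
  --timeout 2m

# 5) Search only likely text files
# --include receives the same pattern as before (\.(txt|...)$); single quotes
# avoid the doubled backslash that double quotes required.
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --regex '(?i)password|secret|token' \
  --include '\.(txt|json|env|yaml|yml|log)$' \
  --text-only

# 6) Download all files
# Bucket contents are untrusted input: download into a dedicated, empty
# directory and scan before opening anything on the analysis host.
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --download ./dump \
  --timeout 5m

# 7) Download flattened
# NOTE(review): presumably --flatten drops key prefixes, so objects with the
# same base name collide and --overwrite keeps only one of them -- confirm
# against the tool's help before relying on the result as a complete copy.
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --download ./dump-flat \
  --flatten \
  --overwrite

# 8) Bruteforce when listing is blocked
# Every guess is its own request. On the bucket owner's side this appears as a
# burst of HEAD requests with mostly 403/404 responses in S3 server access
# logs (and in CloudTrail data events where those are enabled).
gobucket bruteforce https://example-bucket-public.s3.amazonaws.com/ \
  --wordlist ./keys.txt \
  --extensions ".txt,.env,.bak" \
  --method HEAD

# 9) Authenticated bucket
# The expanded key values become part of this process's argv, where they are
# readable through ps or /proc/<pid>/cmdline and would be echoed by `set -x`.
# Use a short-lived, read-only credential here. Whether gobucket can read
# credentials from the environment instead is not shown on this page.
# ${VAR:?} aborts the command instead of sending an empty credential.
gobucket https://example-private-bucket.s3.amazonaws.com/ \
  --auth-mode sigv4 \
  --access-key "${AWS_ACCESS_KEY_ID:?set AWS_ACCESS_KEY_ID first}" \
  --secret-key "${AWS_SECRET_ACCESS_KEY:?set AWS_SECRET_ACCESS_KEY first}" \
  --region us-east-1

# 10) Machine-readable JSON output
# The JSON will include matched secrets/tokens; restrict permissions on any
# file it is redirected to.
gobucket https://example-bucket-public.s3.amazonaws.com/ \
  --regex '(?i)secret|token' \
  --format json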