New open-source scanner exposes Amazon’s AWS storage buckets

Share post:

Security researcher Eilon Harel was able to uncover Amazon’s AWS S3 storage buckets using an open-source “Secrets Scanner.”

Amazon S3 (Simple Storage Service) is a cloud storage service used by organizations to store software, services and data in containers marked as buckets. Unable to properly back up their S3 buckets, organizations make stored data publicly available to the internet.

To exploit this loophole, Harel created a Python tool called “S3crets Scanner,” which performs specific actions, including using CSPM to get a list of public buckets, listing the bucket content via API queries, searching for exposed textual files, downloading the relevant textual files, downloading the relevant textual files, searching the contents for secrets, and forwarding the results to SIEM.

When scanning a bucket, the script examines the content of text files using the Trufflehog3 tool. The tool is an improved Go-based version of the secret scanner that can search GitHub, GitLab, file systems and S3 buckets for credentials and private keys.

Trafflehog3 scans the files downloaded by S3crets using a custom rule designed by Harel which target personally identifiable information (PII) exposure and internal access tokens.

However, the scanner only lists S3 buckets that have the following configurations set to ‘False.’

All buckets that are supposed to be public are filtered out of the list before the textual files are downloaded for the “secrets scanning” step.

The researcher explain that the scanner can be used to scan an organization’s assets, ultimately helping to minimize the likelihood of data leaks or network breaches resulting from the exposure of secrets.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 29, 2024 – PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL...

This episode reports on a US$10 million reward for a ransomware gang, a new Linux version of a backdoor

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways