To let red-teamers find the Amazon S3 buckets, a security researcher has made a tool called S3crets scanner for free.
Upon finding the exposed Amazon S3 buckets, this tool uses Trufflehog3 to scan the secrets like API keys, credentials, access tokens, etc in those exposed databases that can be stolen by hackers for malicious operations.
Scanning Amazon S3 Buckets
To the unknown, Amazon S3 is a simple cloud storage solution used mostly by businesses for hosting their application and customer data in the form of buckets for easy retrieval. Though they’re robust, it’s at the end of the user’s hand to configure them properly before using them.
Else, they could leak the sensitive data stored in them – for threat actors who constantly look into the web for exposed servers. We’ve seen a number of incidents in the past in which companies leak sensitive data because of improper configurations.
Well, we now have a free tool called the S3crets Scanner from Eilon Harel, a security researcher. He released it as an open-source tool on GitHub, with functions as below;
- Use CSPM to get a list of public buckets
- List the bucket content via API queries
- Check for exposed textual files
- Download the relevant textual files
- Scan content for secrets
- Forward results to SIEM
On finding an exposed Amazon S3 server, the S3crets scanner uses another tool called Trufflehog3 to scan the secrets within a text document. The tools can check for ‘secrets’ like authentication keys, access tokens, and API keys, which are mistakenly left in documents stored in public-facing Amazon S3 buckets.
Aside from scanning the text files on Amazon S3 buckets, the Trufflehog3 can scan secrets in GitHub, GitLab, and other filesystems too. Harel said this tool is made free to let red-teamers and white hat hackers scan the web for free to find exposed Amazon servers and report them responsibly.
