S3crets Scanner scans AWS S3 buckets for secrets

A new open source tool, ‘S3crets Scanner’, scans Amazon Web Services (AWS) S3 storage buckets for mistakenly stored ‘secrets.’ Cloud storage buckets are a frequent target for attackers and for those performing cybersecurity assessments, because cloud administrators and other privileged users regularly leave secrets in publicly accessible buckets through simple user error.

Once such a bucket is reachable from the public internet, anyone can read its contents, which may include valid credentials, authentication keys, access tokens, or API keys.

Security researcher Eilon Harel created S3crets Scanner in Python and shared it on GitHub as open source.

The tool performs the following steps:

  • List the public buckets in the account (buckets whose ACL grants public access, or whose objects can be public)
  • List the textual or sensitive files in those buckets (e.g. .p12, .pgp and more)
  • Download each file, scan it (using truffleHog3) and delete it from disk once evaluated, one file at a time
  • Write the logs to a logger.log file

Any S3 buckets that are intended to be public will be excluded from the tool’s results.
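The steps above, and the exclusion of intentionally public buckets, reduce to a small pipeline: classify each bucket's ACL, pick the object keys worth pulling, then download, scan and delete each object. The following is an added example written for this article, not S3crets Scanner's own code. It runs entirely offline on a constructed in-memory "account" whose ACL dictionaries have the same shape boto3 returns from get_bucket_acl, and it swaps truffleHog3 for a handful of regexes; the extension lists, the patterns and the sample bucket contents are assumptions made for the example.

```python
import os
import re
import tempfile

# Grantee URIs that make an ACL grant public (same "Grants" shape as boto3's
# get_bucket_acl / get_object_acl responses).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Textual files get pattern-scanned; these container formats are flagged on
# sight because they normally hold key material (assumed lists, not the tool's).
TEXTUAL_EXTENSIONS = {".txt", ".json", ".yml", ".yaml", ".env", ".cfg", ".ini",
                      ".xml", ".properties", ".sh", ".py"}
SENSITIVE_EXTENSIONS = {".p12", ".pfx", ".pgp", ".gpg", ".pem", ".key", ".ppk",
                        ".jks", ".kdbx"}

# Stand-in for truffleHog3: a few high-signal regexes (assumption for this example).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


def acl_is_public(acl):
    """True if any grant targets the AllUsers or AuthenticatedUsers group."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            return True
    return False


def file_extension(key):
    """Lower-cased extension of an object key ('' when the file name has none)."""
    base = key.rsplit("/", 1)[-1]
    return base[base.rfind("."):].lower() if "." in base else ""


def is_candidate_key(key):
    ext = file_extension(key)
    return ext in TEXTUAL_EXTENSIONS or ext in SENSITIVE_EXTENSIONS


def scan_bytes(key, data):
    """Return [(line_number, finding_name)] for one object; line 0 = file-type finding."""
    findings = []
    if file_extension(key) in SENSITIVE_EXTENSIONS:
        findings.append((0, "sensitive_file_type"))
    text = data.decode("utf-8", errors="ignore")  # binary blobs degrade to partial text
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def download_scan_delete(key, fetch):
    """Write the object to a temp file, scan it, and unlink it even if scanning raises."""
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        tmp.write(fetch(key))
        tmp.close()
        with open(tmp.name, "rb") as fh:
            return scan_bytes(key, fh.read())
    finally:
        if os.path.exists(tmp.name):
            os.unlink(tmp.name)


def scan_buckets(buckets, excluded=()):
    """buckets: {name: {"acl": <ACL dict>, "objects": {key: bytes}}}.
    Returns {bucket: {key: findings}} for public buckets not in `excluded`."""
    report = {}
    for name, info in buckets.items():
        if name in excluded or not acl_is_public(info["acl"]):
            continue
        objects = info["objects"]
        hits = {}
        for key in objects:
            if is_candidate_key(key):
                findings = download_scan_delete(key, objects.__getitem__)
                if findings:
                    hits[key] = findings
        report[name] = hits
    return report


# Constructed sample account (no AWS calls): one intentionally public bucket,
# one leaky public bucket, one private bucket. The key values are AWS's own
# documentation examples.
ALL_USERS = {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
SAMPLE_BUCKETS = {
    "marketing-site-assets": {"acl": {"Grants": [OWNER, ALL_USERS]},
                              "objects": {"index.html": b"<html></html>"}},
    "data-export-tmp": {
        "acl": {"Grants": [OWNER, ALL_USERS]},
        "objects": {
            "backup/config.env": b"DB_HOST=10.0.0.5\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                                 b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
            "certs/signing.p12": b"\x30\x82\x02\x00binary",
            "logo.png": b"\x89PNG",
        },
    },
    "finance-private": {"acl": {"Grants": [OWNER]},
                        "objects": {"q1.json": b'{"token": "ghp_' + b"a" * 36 + b'"}'}},
}

if __name__ == "__main__":
    for bucket, hits in scan_buckets(SAMPLE_BUCKETS, excluded={"marketing-site-assets"}).items():
        for key, findings in hits.items():
            print(f"{bucket}/{key}: {findings}")
```

Two details matter in practice. The temp file is removed in a finally block, so a scanner crash never leaves a downloaded secret on the analyst's disk; and the private bucket's GitHub token is never seen, because the pipeline only ever reads buckets whose ACL is public. A real run would also need to check the bucket policy and the account's Block Public Access settings, since an ACL alone does not decide whether a bucket is reachable.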

Harel’s hope is that ethical hackers will be able to use the tool to find any publicly-accessible S3 buckets and alert the proper teams to restrict access before malicious hackers do.

As more companies move resources into the cloud, often across multiple cloud service providers, this tool should at least help companies and SOC teams understand their exposure in AWS.

There is no equivalent tool by Harel for Google Cloud or Microsoft Azure at this time, but if our readers are aware of similar tools, please let us know.
