S3crets Scanner, a new open-source tool, allows researchers to search for confidential information mistakenly stored in Amazon AWS S3 storage buckets.
Amazon S3 (Simple Storage Service), is used by companies to store data, services, and software in buckets. However, a lot of companies fail to properly secure their S3 buckets that has caused data breaches and cyberattacks in the past.
Data on risk
Employee or customer information, backups, and other types of data might be accessible to the threat actors.
A variety of information can be stored and accessed in S3 buckets, such as authentication keys, access tokens, and API keys, in addition to application data and source code.
If accessed by threat actors, it allows them access to major services or even the company's corporate network.
Scanning S3 for mining secrets
In an exercise, security researcher Eilon Harel realized that no automated tools were available to scan accidental data leaks. As a result, he came up with a Python tool named S3crets Scanner.
It performs operations such as listing the bucket content via API queries, downloading the relevant textual files, checking for exposed textual files, forwarding results to SIEM, scanning content for secrets, and using CSPM to get a list of public buckets.
The scanner tool will only list S3 buckets that have the BlockPublicAcls, BlockPublicPolicy, IgnorePublicAcls, and RestrictPublicBuckets configurations set to False.
Any buckets that were intended to be public are filtered out from the list before the textual files are downloaded.
To check for credentials and private keys on GitHub, GitLab, filesystems, and S3 buckets, the script uses the Trufflehog3 tool, an improved version of the secrets scanner.
Companies can resort to any lengths to keep confidential information safe when under threat. Research shows that S3crets Scanner can help companies minimize data leaks by scanning their assets periodically. In addition to scanning publicly accessible buckets, the tool can furthermore notify owners of exposed secrets before threats find them.