S3crets Scanner tool could scan data from AWS S3 Buckets

November 22, 2022

Researchers discovered a new open-source tool called S3crets Scanner that could enable researchers to scan for confidential data that are accidentally stored by users in the Amazon AWS S3 storage buckets.

Companies utilise the Amazon Simple Storage Service (Amazon S3) to store information, services, and software in buckets. Unfortunately, most companies that use the platform fail to properly secure their Amazon S3 buckets, resulting in data breaches and cyberattacks from threat actors.

Based on reports, some of the data at risk in these buckets include customer or employee information, backups, and other data that could be accessible to intruders. Various information and details can be stored and accessed in S3 buckets by users, including API keys, access tokens, app data, source code, and authentication keys.

Once threat actors obtain these data, they can access significant services or a company’s corporate network.


A researcher demonstrated how the S3crets Scanner works against Amazon S3 buckets.


A researcher developed a new Python tool called S3crets Scanner to show how misconfigured storage in Amazon S3 buckets could affect a user. They came up with the open-source tool after realising that there were no automated tools available to scan for accidental data leaks.

The tool could run operations such as listing the bucket content through API queries, checking for exposed textual files, scanning content for secrets, downloading textual files, and using CSPM to get a list of publicly accessible buckets.

However, the scanner will only list S3 buckets with RestrictPublicBuckets, BlockPublicPolicy, BlockPublicAcls, and IgnorePublicAcls configurations set to ‘FALSE’. Subsequently, any buckets that the user intended to be public are filtered out from the list before the textual files are downloaded.

The script then uses the Trufflehog3 tool, an improved variant of the S3crets Scanner, to look for credentials and private keys on S3 buckets, filesystems, GitHub, and GitLab.
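The bucket-selection and scanning steps described above, as an added Python example that is not part of the S3crets Scanner project: it applies the four Public Access Block flags, drops buckets on an allow-list of intentionally public ones, restricts itself to textual objects, and runs simple secret patterns over a constructed in-memory inventory. The secret patterns, bucket names and object contents are assumptions standing in for live API responses.

```python
import re
from typing import Optional

# The four S3 Public Access Block flags. A bucket is only a candidate when all four are
# False; a bucket with no configuration at all behaves the same way, so it also qualifies.
BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

# Only text-like objects are downloaded and scanned; binaries such as .dump are skipped.
TEXT_EXTENSIONS = (".txt", ".json", ".yml", ".yaml", ".env", ".cfg", ".ini", ".log", ".py", ".sh")

# Hypothetical patterns for this demo; a real run would hand content to a dedicated scanner.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

def public_access_unblocked(config: Optional[dict]) -> bool:
    """True when no Public Access Block exists or every flag in it is False."""
    return not config or not any(config.get(k, False) for k in BLOCK_KEYS)

def is_textual(key: str) -> bool:
    return key.lower().endswith(TEXT_EXTENSIONS)

def find_secrets(text: str) -> list:
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(text)]

def audit(buckets: dict, intended_public: set) -> dict:
    """buckets maps name -> {"block": config-or-None, "objects": {key: text}}.
    Returns {bucket: {key: [pattern names]}} for unblocked, unlisted buckets holding secrets."""
    findings = {}
    for name, data in buckets.items():
        if name in intended_public or not public_access_unblocked(data["block"]):
            continue
        for key, body in data["objects"].items():
            if is_textual(key) and (hits := find_secrets(body)):
                findings.setdefault(name, {})[key] = hits
    return findings

# Constructed inventory standing in for the bucket listings the tool would fetch.
ALL_FALSE = {k: False for k in BLOCK_KEYS}
SAMPLE_BUCKETS = {
    "www-assets": {"block": None, "objects": {"index.html": "<html>hi</html>"}},
    "backups-prod": {"block": ALL_FALSE, "objects": {
        "db.dump": "AKIAIOSFODNN7EXAMPLE", "config/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"}},
    "partial-block": {"block": {**ALL_FALSE, "BlockPublicAcls": True},
                      "objects": {"keys.txt": "-----BEGIN RSA PRIVATE KEY-----"}},
}
INTENDED_PUBLIC = {"www-assets"}
```

Note that `db.dump` contains the same key but is never reported, because only textual objects are downloaded, and `partial-block` is skipped because one of its four flags is still True.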

The research showed that the S3crets Scanner could help organisations minimise data leaks by scanning their assets constantly. Lastly, this tool could notify users of exposed secrets in Amazon S3 before a threat actor identifies them, reducing the chances of a cyberattack against a company.
