S3crets Scanner Tool

Data accidentally left in publicly exposed AWS S3 buckets can now be located by security researchers and red team members with a new open-source tool, S3crets Scanner.

AWS S3 is Amazon's cloud object storage service. Companies use it to store data, tooling and service artifacts in containers called buckets.

Each bucket carries its own access settings, and companies normally restrict a bucket to specific groups of users.

Companies do not always get those settings right, however. A bucket that is left publicly accessible exposes everything stored in it to anyone on the internet.

Data Exposure

In the past, misconfigurations of this kind have led to extensive data breaches. Data exposed in such breaches has included:-

  • Employee details
  • Customer details
  • Saved backups
  • Other essential data

Moreover, S3 buckets can also contain 'secrets' embedded in source code or configuration files, such as:-

  • Authentication keys
  • Access tokens
  • API keys
  • Private keys

Exposure of this kind of data gives threat actors a foothold: leaked credentials are frequently still valid for other company systems, so a public bucket can lead to the compromise of far more extensive and critical resources.

As far as file exposure is concerned, the AWS console labels an exposed bucket in one of two ways:-

  • Public (the bucket policy or ACL grants public access to the bucket itself)
  • Objects can be public (the bucket is not public, but individual objects can be made public through ACLs or policy grants)

Identifying secrets in S3

Cybersecurity researcher Eilon Harel has developed "S3crets Scanner", an automated open-source scanner written in Python and released on GitHub.

[Image in the original article: the automated actions S3crets Scanner performs]

The scanner only selects buckets on which all four S3 Block Public Access settings are set to false:-

  • BlockPublicAcls
  • BlockPublicPolicy
  • IgnorePublicAcls
  • RestrictPublicBuckets
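The selection rule above can be expressed as a small piece of logic. The following is an added illustration written for this article, not code from S3crets Scanner: it evaluates a bucket's PublicAccessBlockConfiguration, treats a missing configuration as all-false (which is what the API reports for a bucket that never had one), combines it with the account-level block (S3 enforces the more restrictive of the two levels), and produces the arguments for the fix. The sample bucket configurations are constructed; the optional boto3 lookup is isolated so the rest runs offline.

```python
"""Classify S3 buckets by their Block Public Access settings (added example)."""
from typing import Dict, List, Mapping, Optional

# The four settings of an S3 PublicAccessBlockConfiguration, in the order the article lists them.
PAB_SETTINGS = (
    "BlockPublicAcls",
    "BlockPublicPolicy",
    "IgnorePublicAcls",
    "RestrictPublicBuckets",
)


def effective_pab(bucket_cfg: Optional[Mapping[str, bool]],
                  account_cfg: Optional[Mapping[str, bool]] = None) -> Dict[str, bool]:
    """Return the settings that actually apply to a bucket.

    S3 evaluates the bucket-level and account-level blocks together and the
    more restrictive value wins, so a setting is effectively true if either
    level enables it. A missing configuration (the API raises
    NoSuchPublicAccessBlockConfiguration) means every setting is false at that level.
    """
    bucket_cfg = bucket_cfg or {}
    account_cfg = account_cfg or {}
    return {
        name: bool(bucket_cfg.get(name, False)) or bool(account_cfg.get(name, False))
        for name in PAB_SETTINGS
    }


def disabled_settings(bucket_cfg, account_cfg=None) -> List[str]:
    """Names of the settings that are effectively false for this bucket."""
    eff = effective_pab(bucket_cfg, account_cfg)
    return [name for name in PAB_SETTINGS if not eff[name]]


def is_scan_candidate(bucket_cfg, account_cfg=None) -> bool:
    """The article's selection rule: every one of the four settings is false."""
    return len(disabled_settings(bucket_cfg, account_cfg)) == len(PAB_SETTINGS)


def remediation(bucket: str) -> dict:
    """Keyword arguments for s3.put_public_access_block() that enable all four settings."""
    return {
        "Bucket": bucket,
        "PublicAccessBlockConfiguration": {name: True for name in PAB_SETTINGS},
    }


def fetch_bucket_config(bucket: str, s3_client=None):
    """Optional live lookup. Returns None when the bucket has no block configured.

    The account-level block is a separate call (s3control get_public_access_block
    with AccountId) and is not fetched here.
    """
    import boto3  # imported inside the function so the module loads without boto3
    from botocore.exceptions import ClientError
    s3 = s3_client or boto3.client("s3")
    try:
        return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except ClientError as exc:
        if exc.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise


# Constructed sample configurations for the offline demonstration.
SAMPLE_BUCKETS = {
    "open-bucket": None,  # never had a block configured: all four effectively false
    "partially-blocked": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "locked-down": {name: True for name in PAB_SETTINGS},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE_BUCKETS.items():
        verdict = "candidate" if is_scan_candidate(cfg) else "skip"
        print(f"{name:18} {verdict:9} disabled={disabled_settings(cfg)}")
```

Note the caveat built into this check: all four settings being false is a precondition for public exposure, not proof of it. The bucket's ACL and policy decide whether anyone can actually read the objects, which is why the scanner goes on to list and download them rather than stopping at the configuration.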

During a scan the script downloads the text files in a selected bucket and inspects their content with Trufflehog3, an enhanced, rules-driven version of the truffleHog secrets scanner.

This version of the tool can find credentials and private keys in the following sources:-

  • GitHub
  • GitLab
  • Filesystems
  • S3 buckets

S3crets runs Trufflehog3 with a set of custom rules over the files it has downloaded. These rules target:-

  • PII exposure
  • Internal access tokens
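To show what such rules do, here is a minimal regex rule engine run over downloaded bucket objects. It is an added example written for this article and is neither S3crets Scanner's nor Trufflehog3's code; the rule names, the patterns (including the `int_` prefix standing in for an in-house token format) and the sample objects are all assumptions made for the demonstration. It skips binary objects, as the scanner only inspects text files, applies an entropy filter to the noisy generic rule, and redacts what it reports so the findings themselves do not become a second leak.

```python
"""Rule-based secret and PII detection over downloaded S3 objects (added example)."""
import math
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    redacted: str


# Hypothetical rules mirroring the two categories the article names:
# internal access tokens (and other credentials) and PII.
RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "internal-token": re.compile(r"\bint_[A-Za-z0-9]{24,}\b"),  # assumed in-house token prefix
    "pii-email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "generic-secret": re.compile(
        r"""(?i)(?:secret|password|api[_-]?key)\s*[:=]\s*['"]?([A-Za-z0-9/+_\-]{16,})"""),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys score well above ordinary words."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def is_text(data: bytes) -> bool:
    """Cheap text check: no NUL bytes and decodable as UTF-8."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def redact(value: str) -> str:
    """Keep only the ends of a match so reports can be shared safely."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def scan_object(path: str, data: bytes) -> List[Finding]:
    """Run every rule over every line of one downloaded object."""
    findings: List[Finding] = []
    if not is_text(data):
        return findings
    for lineno, line in enumerate(data.decode("utf-8").splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                # The generic rule matches placeholders too; require key-like randomness.
                if rule == "generic-secret" and shannon_entropy(value) < 3.5:
                    continue
                findings.append(Finding(rule, path, lineno, redact(value)))
    return findings


def scan_bucket(objects: Dict[str, bytes]) -> List[Finding]:
    """Scan a mapping of object key -> downloaded bytes, in key order."""
    out: List[Finding] = []
    for path, data in sorted(objects.items()):
        out.extend(scan_object(path, data))
    return out


# Constructed sample objects standing in for files downloaded from a bucket.
SAMPLE_OBJECTS = {
    "config/app.env": (b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                       b"DB_PASSWORD=changeme\n"
                       b"SERVICE_TOKEN=int_4f9a2b7c1d8e3f6a0b5c9d2e7f1a3b\n"),
    "keys/deploy.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n"
                        b"-----END RSA PRIVATE KEY-----\n"),
    "exports/users.csv": b"id,email\n1,alice@example.com\n",
    "images/logo.png": b"\x89PNG\r\n\x1a\n\x00\x00binary",
}

if __name__ == "__main__":
    for f in scan_bucket(SAMPLE_OBJECTS):
        print(f"{f.rule:18} {f.path}:{f.line} {f.redacted}")
```

The entropy threshold is what keeps the generic rule useful: `DB_PASSWORD=changeme` is too short and too regular to fire, while a random 24-character value after `SECRET=` does. In a real deployment the rule set, not the engine, is where the work goes, which is why S3crets hands this stage to Trufflehog3 and its custom rules.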

The intention is that S3crets Scanner helps firms find their own exposed buckets before attackers do, reducing the likelihood of data loss or network compromise.

Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.