
New open-source tool scans public AWS S3 buckets for secrets

A new open-source tool, ‘S3crets Scanner’, allows researchers and red-teamers to search for ‘secrets’ mistakenly stored in publicly exposed or company-owned Amazon AWS S3 storage buckets.

Amazon S3 (Simple Storage Service) is a cloud storage service commonly used by companies to store software, services, and data in containers known as buckets.

Unfortunately, companies sometimes fail to properly secure their S3 buckets and thus publicly expose stored data to the Internet.

This type of misconfiguration has caused data breaches in the past, with threat actors gaining access to employee or customer details, backups, and other types of data.

In addition to application data, source code or configuration files in S3 buckets can also contain ‘secrets,’ such as authentication keys, access tokens, and API keys.

If these secrets are improperly exposed and accessed by threat actors, they could allow them far greater access to other services or even the company’s corporate network.

Scanning S3 for secrets

During an exercise examining SEGA’s recent assets exposure, security researcher Eilon Harel discovered that no tools for scanning accidental data leaks exist, so he decided to create his own automated scanner and release it as an open-source tool on GitHub.

To help with the timely discovery of exposed secrets on public S3 buckets, Harel created a Python tool named “S3crets Scanner” that automatically performs the following actions:

  • Use CSPM to get a list of public buckets
  • List the bucket content via API queries
  • Check for exposed textual files
  • Download the relevant textual files
  • Scan content for secrets
  • Forward results to SIEM

Actions performed by the S3crets Scanner

The scanner tool will only list S3 buckets that have all of the following Block Public Access settings set to ‘False,’ meaning that exposure was likely accidental:

  • “BlockPublicAcls”
  • “BlockPublicPolicy”
  • “IgnorePublicAcls”
  • “RestrictPublicBuckets”

Any buckets that were intended to be public are filtered out from the list before the textual files are downloaded for the “secrets scanning” step.
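The pipeline described above (filter on the four Block Public Access flags, pick textual objects, scan their content for secrets) can be written as a few pure functions. The following is an added illustration, not code from S3crets Scanner or from Harel: the bucket names, object contents and the three regex rules are constructed here, the rules stand in for the Trufflehog3 rule set the article mentions, and no AWS calls are made. The per-bucket flag dictionaries follow the shape of the `PublicAccessBlockConfiguration` returned by the boto3 S3 client's `get_public_access_block()`, so a real run would only need to fill them from that call.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample data. Bucket names are placeholders, not real buckets.
# Each value mirrors boto3's PublicAccessBlockConfiguration dictionary.
SAMPLE_BUCKETS: Dict[str, Dict[str, bool]] = {
    "example-marketing-assets": {   # one flag still True: treated as intentional, skipped
        "BlockPublicAcls": False, "BlockPublicPolicy": False,
        "IgnorePublicAcls": False, "RestrictPublicBuckets": True,
    },
    "example-build-artifacts": {    # all four False: likely accidental, scanned
        "BlockPublicAcls": False, "BlockPublicPolicy": False,
        "IgnorePublicAcls": False, "RestrictPublicBuckets": False,
    },
    "example-locked-down": {        # fully blocked: skipped
        "BlockPublicAcls": True, "BlockPublicPolicy": True,
        "IgnorePublicAcls": True, "RestrictPublicBuckets": True,
    },
}

# Constructed object listings and contents (what ListObjects / GetObject would return).
# The access key below is AWS's documented example value, not a live credential.
SAMPLE_OBJECTS: Dict[str, Dict[str, str]] = {
    "example-build-artifacts": {
        "config/app.env": "DB_HOST=db.internal\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
        "release/build.tar.gz": "<binary, not a textual file>",
        "keys/deploy.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n",
    },
    "example-marketing-assets": {
        "notes.txt": "api_key = sk_constructed_0123456789\n",  # never reached: bucket filtered out
    },
}

BLOCK_PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
                             "IgnorePublicAcls", "RestrictPublicBuckets")

# Assumption: a flag absent from the dict is treated as False, which is what AWS
# applies when a bucket has no PublicAccessBlock configuration at all.
def likely_accidental_exposure(config: Dict[str, bool]) -> bool:
    """True only when every Block Public Access setting is False."""
    return all(config.get(flag, False) is False for flag in BLOCK_PUBLIC_ACCESS_FLAGS)

# Constructed extension list for the "check for exposed textual files" step.
TEXTUAL_SUFFIXES = (".txt", ".json", ".yaml", ".yml", ".env", ".cfg",
                    ".ini", ".xml", ".py", ".sh", ".pem")

def select_textual_keys(keys: Iterable[str]) -> List[str]:
    """Keep only object keys that look like text files worth downloading."""
    return [k for k in keys if k.lower().endswith(TEXTUAL_SUFFIXES)]

# Constructed detection rules standing in for the Trufflehog3 rule set.
SECRET_RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("generic_assignment", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})")),
]

def redact(value: str) -> str:
    """Keep a short prefix so the owner can recognise the secret without the report re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(object_uri: str, text: str) -> List[dict]:
    """Run every rule over each line; one finding per (line, rule) hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule_name, pattern in SECRET_RULES:
            match = pattern.search(line)
            if match:
                findings.append({"object": object_uri, "line": lineno,
                                 "rule": rule_name, "match": redact(match.group(0))})
    return findings

def run_pipeline(buckets: Dict[str, Dict[str, bool]],
                 objects: Dict[str, Dict[str, str]]) -> List[dict]:
    """Filter buckets, select textual objects, scan them; the result is what would go to the SIEM."""
    findings: List[dict] = []
    for bucket, config in buckets.items():
        if not likely_accidental_exposure(config):
            continue
        contents = objects.get(bucket, {})
        for key in select_textual_keys(contents):
            findings.extend(scan_text(f"s3://{bucket}/{key}", contents[key]))
    return findings

if __name__ == "__main__":
    for finding in run_pipeline(SAMPLE_BUCKETS, SAMPLE_OBJECTS):
        print(finding)
```

On the sample data only `example-build-artifacts` passes the flag filter, so the intentionally public marketing bucket is never downloaded even though one of its files would match a rule; the two findings reported are the example access key in `config/app.env` and the private key header in `keys/deploy.pem`, with matched values redacted before they leave the scanner.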

When scanning a bucket, the script examines the content of text files using the Trufflehog3 tool, an improved Go-based version of the TruffleHog secrets scanner that can check for credentials and private keys on GitHub, GitLab, filesystems, and S3 buckets.

Trufflehog3 scans the files downloaded by S3crets using a set of custom rules designed by Harel, which target personally identifiable information (PII) exposure and internal access tokens.

The researcher believes that, when used periodically to scan an organization’s assets, “S3crets Scanner” can help firms minimize the chances of data leaks or network breaches resulting from the exposure of secrets.

Finally, the tool can also be used for white-hat actions, like scanning publicly accessible buckets and notifying the owners of exposed secrets before bad actors find them.

Source: https://www.bleepingcomputer.com/news/security/new-open-source-tool-scans-public-aws-s3-buckets-for-secrets/
