Cloud misconfiguration is one of the biggest causes of data breaches these days, and one security researcher set out to fix it with a new tool.
Built in Python, S3crets Scanner allows security researchers and analysts to search for “secrets” that companies have accidentally disclosed to the public through their company’s AWS S3 storage (opens in a new tab) a bucket
As explained by BleepingComputer, secrets include authentication keys, access tokens, or API keys, all of which can be used by threat actors to cause great harm. For example, these secrets can be used to access a company’s corporate network and endpoints (opens in a new tab)which can lead to data theft, malware infections, or even ransomware attacks.
Targeting of personally identifiable information
The tool was created by security researcher Eilon Harrell to find secrets that were accidentally disclosed. It does this by scanning only S3 configurations that have certain configurations set to false, such as “BlockPublicAcls”, “BlockPublicPolicy”, “IgnorePublicAcls”, and “RestrictPublicBuckets”. Any other buckets are filtered out.
Caches that meet the above criteria will be downloaded as text files and scanned using the Trufflehog3 tool, which checks for credentials and private keys in S3 containers, as well as GitHub, GitLab, and filesystems. Harel has created a unique set of rules for Trufflehog3 that targets disclosure of personally identifiable information (PII) as well as internal access tokens.
Harrell believes this tool can help businesses expose fewer secrets and thus suffer less from data breaches and similar cybersecurity incidents. He also believes it can be used for white hat operations, as researchers can scan public buckets for misconfigurations and notify businesses before attackers.
Multi-cloud environments are essential for businesses these days, but keeping data secure in such a system is one of the biggest challenges they face. A recent report by cybersecurity experts Radware states that 70% of senior executives, DevOps leaders, and other senior employees are not confident they can adequately secure both on-premises and multi-cloud environments.
Via: BleepingComputer (opens in a new tab)
https://www.techradar.com/news/this-new-open-source-tool-is-hunting-for-public-aws-s3-buckets-to-spy-on/
