A new open-source tool allows security professionals to scan for authentication data exposed in Amazon S3 storage buckets. ‘S3crets Scanner’ is now available on GitHub.
Amazon S3 (Simple Storage Service) is designed to let organizations store software, data, and services in the cloud, reducing the infrastructure costs they would otherwise bear to hold that data themselves. The storage containers S3 uses are known as buckets.
A new open-source tool allows security professionals to scan Amazon S3 storage buckets for exposed ‘secrets’, which include authentication keys, access tokens and API credentials. ‘S3crets Scanner’ was recently made available on GitHub.
Scanning for S3 secrets
Organizations have repeatedly been caught out by inconsistently applied security controls: over the years, secrets exposed in S3 buckets have led to breaches involving millions of data assets.
After failing to find an effective tool for scanning S3 buckets for exposed secrets, security researcher Eilon Harel created his own scanner, which was recently open-sourced on GitHub. The tool automatically performs the following steps:
- Retrieve a list of public buckets with the help of a CSPM (cloud security posture management) tool
- Use API queries to categorize the content of the buckets
- Scan the buckets for any exposed textual files
- Retrieve and download the relevant textual files
- Scan the downloaded content for any secrets
- Forward the results to a SIEM
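As an added illustration of that pipeline (this is not code from S3crets Scanner or its author), the Python below runs the same steps against an in-memory stand-in for S3: the bucket names, object keys and credential-looking values are constructed sample data, and the secret patterns and text-file suffixes are my own choices rather than the tool's. With real AWS access, the object loop would be driven by boto3's list_objects_v2 and get_object calls, which is an assumption about wiring, not something the page states.

```python
"""Offline sketch of an S3 secret-scanning pipeline (added example, not the tool's code).

Steps mirrored from the page: list public buckets, keep only text-like objects,
fetch them, scan their contents for credential patterns, and emit SIEM-ready
JSON lines. The bucket store is an in-memory stand-in so this runs without AWS.
Every bucket name, key and secret value below is constructed sample data.
"""
import json
import re

# Object suffixes treated as "textual" and worth downloading (our own list).
TEXT_SUFFIXES = (".txt", ".env", ".json", ".yaml", ".yml", ".cfg",
                 ".ini", ".log", ".csv", ".sh", ".py")

# Secret patterns (labels are ours). "AKIA" + 16 uppercase alphanumerics is the
# documented shape of an AWS access key ID; the others are generic heuristics.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?"),
    "generic_api_key": re.compile(
        r"(?i)\b(api[_-]?key|token|password)\s*[=:]\s*['\"]?([^\s'\"]{8,})['\"]?"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed stand-in for S3: bucket name -> {"public": bool, "objects": {key: bytes}}.
# The "public" flag plays the role of the CSPM / bucket-policy-status lookup.
SAMPLE_BUCKETS = {
    "acme-public-assets": {
        "public": True,
        "objects": {
            "config/app.env": (b"DB_HOST=db.internal\n"
                               b"AWS_ACCESS_KEY_ID=AKIAEXAMPLE0000000AB\n"
                               b"AWS_SECRET_ACCESS_KEY="
                               b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN\n"),
            "images/logo.png": b"\x89PNG\r\n\x1a\n...binary...",
            "README.txt": b"Static assets for the marketing site.\n",
        },
    },
    "acme-private-backups": {
        "public": False,
        "objects": {"dump.sql": b"-- password=SuperSecret123\n"},
    },
}


def list_public_buckets(store):
    """Step 1: names of buckets flagged as public by the posture check."""
    return sorted(name for name, b in store.items() if b["public"])


def is_textual(key):
    """Step 2/3: categorize objects by key; only text-like ones are downloaded."""
    return key.lower().endswith(TEXT_SUFFIXES)


def redact(value):
    """Keep a short prefix for triage; never forward the whole secret to the SIEM."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def scan_text(text):
    """Step 5: run every pattern over each line, returning redacted findings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                # Use the last capture group when the pattern has one, else the whole match.
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                findings.append({"type": name, "line": line_no, "sample": redact(value)})
    return findings


def scan_store(store):
    """Steps 1-5 end to end: public buckets -> textual objects -> fetch -> scan."""
    events = []
    for bucket in list_public_buckets(store):
        for key, body in store[bucket]["objects"].items():
            if not is_textual(key):
                continue
            text = body.decode("utf-8", errors="replace")  # stands in for get_object
            for finding in scan_text(text):
                events.append({"bucket": bucket, "key": key, **finding})
    return events


def to_siem_lines(events):
    """Step 6: one JSON object per line, ready to ship to a log collector."""
    return [json.dumps(e, sort_keys=True) for e in events]


if __name__ == "__main__":
    for line in to_siem_lines(scan_store(SAMPLE_BUCKETS)):
        print(line)
```

Running it reports two findings, both from the public bucket's `config/app.env` (an access key ID on line 2 and a secret access key on line 3); the PNG is skipped as non-textual and the private bucket is never opened. Redacting before forwarding matters because the SIEM itself then becomes one more place where a full credential would otherwise sit in cleartext.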
This tool allows organizations to review which data could be compromised. S3crets Scanner was designed to scan for buckets that are easily accessible to external parties, so that it can alert organizations to possible data breaches before a threat actor gets hold of the data.
Future of S3crets Scanner
The first version of the open-source scanner is a useful way to check the efficacy of an organization’s security controls. Future iterations can help organizations get an in-depth look at their exposure of secrets and the resulting risk of data breaches.