Otherwise, they could leak the sensitive data stored in them to threat actors who constantly scan the web for exposed servers. We've seen a number of incidents in the past in which companies leaked sensitive data because of improper configurations. There is now a free tool for this, called S3crets Scanner, from Eilon Harel, a security researcher. He released it as an open-source tool on GitHub, with the following functions:
- Use CSPM to get a list of public buckets
- List the bucket content via API queries
- Check for exposed textual files
- Download the relevant textual files
- Scan content for secrets
- Forward results to SIEM
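The filter, scan and report stages of the workflow listed above, as an added Python example (not S3crets Scanner's own code). The extension list, the three detection rules, the event field names and the bucket name are assumptions, and a constructed in-memory dictionary stands in for the bucket listing and download stages so the block runs offline.

```python
import json
import re

# Assumed extensions treated as "textual" (not taken from the tool itself).
TEXT_EXTENSIONS = (".txt", ".env", ".json", ".yml", ".yaml", ".cfg", ".ini", ".pem", ".csv")

# Illustrative detection rules (assumptions); real scanners carry far larger rule sets.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|secret)\s*[=:]\s*['\"]?([^\s'\"]{8,})"),
}

def is_textual(key):
    """'Check for exposed textual files': keep objects whose name suggests text."""
    return key.lower().endswith(TEXT_EXTENSIONS)

def redact(value):
    """Keep a 4-character prefix so the finding is identifiable without storing the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_bucket(bucket, objects):
    """'Scan content for secrets': return one event dict per finding, ready for a SIEM."""
    events = []
    for key, body in objects.items():
        if not is_textual(key):
            continue
        text = body.decode("utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                for m in pattern.finditer(line):
                    secret = m.group(m.lastindex or 0)  # capture group if the rule has one
                    events.append({"bucket": bucket, "key": key, "line": lineno,
                                   "rule": rule, "match": redact(secret)})
    return events

# Constructed sample: stands in for the downloaded contents of one public bucket.
SAMPLE_OBJECTS = {
    "config/app.env": b"DB_HOST=db.internal\nDB_PASSWORD=correct-horse-battery\n",
    "backup/creds.txt": b"aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
    "images/logo.png": b"\x89PNG AKIAIOSFODNN7EXAMPLE",  # skipped: not a textual extension
}

if __name__ == "__main__":
    for event in scan_bucket("example-public-bucket", SAMPLE_OBJECTS):
        print(json.dumps(event))  # 'Forward results to SIEM': one JSON line per finding
```

Redacting the match before it leaves the scanner keeps the SIEM from becoming a second place where the leaked secret is stored.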