Tool for Finding Open S3 Buckets | VerSprite Open-Source Intelligence


A New Tool for Finding Open S3 Buckets

Written By: Zach Varnell


Hackers in Search for Sensitive Data

Open web directories have long been a target of hackers looking for cheap wins in the search for sensitive data.

Today, open S3 buckets are becoming a new favorite source for discovering data sitting on the public internet. Common finds include internal documents, unsecured camera feeds, IoT devices, git configuration files, .htpasswd files, and more.

Many open source tools exist to find and pilfer from these buckets, but a new tool now makes that easier than ever. With its free and easy-to-use web interface, it's likely that the number of hackers aware of this data source has dramatically increased.

Proactive Defense

Like any technology, this tool can be used for good or evil. Defenders can run the same searches as attackers as part of their vulnerability management program.

Periodically search for the company name, insider jargon and codewords, and client and partner names to find out whether any data is exposed. Also consider conducting a thorough permissions audit of any S3 buckets in use.
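One way to structure the permissions audit mentioned above, as an added example that is not part of the original post or any VerSprite tool: it flags ACL grants and bucket-policy statements that expose a bucket publicly. It assumes the inputs are shaped like the boto3 responses of `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block`; the function names, bucket names and sample inventory are hypothetical, and account-level Block Public Access settings are not considered.

```python
import json

# ACL grantee URIs that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket(name, acl, policy_json=None, block=None):
    """Return a list of public-exposure findings for one bucket."""
    block = block or {}  # bucket-level Block Public Access flags, if set
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who and not block.get("IgnorePublicAcls"):
            findings.append(f"{name}: ACL grants {grant['Permission']} to {who}")
    statements = as_list(json.loads(policy_json)["Statement"]) if policy_json else []
    for stmt in statements:
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        if stmt.get("Effect") == "Allow" and wildcard and not block.get("RestrictPublicBuckets"):
            # A Condition (source IP, VPC endpoint) may narrow the grant.
            note = " (conditional, review by hand)" if "Condition" in stmt else ""
            actions = ", ".join(as_list(stmt["Action"]))
            findings.append(f"{name}: policy allows {actions} to any principal{note}")
    return findings

ALL_USERS = {"Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"}
# Constructed inventory; bucket names and the owner ID are placeholders.
SAMPLE = [
    ("example-backups", {"Grants": [OWNER, ALL_USERS]}, None, None),
    ("example-site", {"Grants": [OWNER]}, json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-site/*"}]}), None),
    ("example-locked", {"Grants": [OWNER, ALL_USERS]}, None, {"IgnorePublicAcls": True}),
]

def audit_all(inventory):
    return [f for args in inventory for f in audit_bucket(*args)]

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE)))
```

In a live audit the three inputs would come from the corresponding S3 API calls for each bucket in the account, and any finding marked conditional needs a manual read of the policy.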
