S3crets Scanner

A security specialist wrote (https://medium.com/@hareleilon/hunting-after-secrets-accidentally-uploaded-to-public-s3-buckets-7e5bbbb80097) an open source tool that scans public AWS S3 buckets and searches for keys, tokens and other juicy things that have ended up in the public domain. In short, an automated war with a gray hat. The scanner focuses on misconfigured storage and checks the text files in it for secrets. It runs what it downloads through Trufflehog3.
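For a bucket owner checking their own storage, the misconfiguration the scanner looks for (a bucket that anyone can read or write) can be evaluated from the bucket's ACL and policy. This is an added example, not code from S3crets Scanner or the linked article; `public_exposure` and the sample inputs are hypothetical, and Block Public Access settings, `NotPrincipal`/`NotAction` and mid-string wildcards are assumed out of scope.

```python
import json

# Predefined S3 groups whose ACL grants apply to everyone.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
ACL_PERMS = {"READ": {"read"}, "WRITE": {"write"}, "FULL_CONTROL": {"read", "write"}}
ACTIONS = {"read": ("s3:getobject", "s3:listbucket"),
           "write": ("s3:putobject", "s3:deleteobject")}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    # Principal "*" or {"AWS": "*"} means any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _grants(action, wanted):
    # Exact match, or a trailing wildcard such as "*", "s3:*", "s3:Get*".
    action = action.lower()
    if action.endswith("*"):
        return any(w.startswith(action[:-1]) for w in wanted)
    return action in wanted

def public_exposure(acl, policy_json=None):
    """Return the subset of {"read", "write"} open to everyone."""
    found = set()
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            found |= ACL_PERMS.get(grant.get("Permission"), set())
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        # Simplification: conditional statements are not counted as public.
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not _is_anyone(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            found |= {k for k, wanted in ACTIONS.items() if _grants(action, wanted)}
    return found

# Constructed sample inputs, shaped like GetBucketAcl / GetBucketPolicy output.
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

With the constructed samples, `public_exposure(SAMPLE_ACL, SAMPLE_POLICY)` reports both read and write exposure: the ACL contributes the public read, the policy the public write.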

The S3crets scanner is useful for companies that want to pentest their own buckets quick and dirty and avoid embarrassing leak stories. Anyone can also put on a white hat and go around online with the scanner (https://github.com/Eilonh/s3crets_scanner) looking for leaky buckets before someone more enterprising and malicious gets to them. And leave a sincere message to the owners in the spirit of the example from the article: «Dear owner, your bucket is open for reading/writing, but since you did not deliver