
Hunting secrets at Public S3 Buckets using S3Khoj

Published: at 12:00 AM

S3Khoj is a robust tool designed to help detect sensitive files in public AWS S3 buckets. “Khoj”, a Nepali word meaning search or explore, perfectly encapsulates the tool’s purpose: searching for sensitive files within those buckets.

Buckets are meant to be private, and they are private by default. A bucket should not be accessible to anyone without authentication. Misconfigurations and mistakes lead to public exposure of a bucket’s objects, and some of those objects can contain sensitive information. Attackers can easily find them and carry out malicious activity. We realized that S3 buckets can pose security risks if not properly managed: they can lead to data breaches, exposure of sensitive information, and more.

S3Khoj is a security tool that helps pentesters and bug bounty hunters perform black box pen-testing of S3 buckets. It looks for patterns in the responses, via regular expressions, that indicate sensitive information. It automatically discovers a bucket’s objects based on common naming patterns and wordlists. It also supports a custom regex or wordlist, which is used to check the bucket’s objects and to try to list the objects within the bucket.

All you need is Go and git installed on your system. You can then clone the public S3Khoj repository and build it.

git clone https://github.com/ajutamangdev/S3Khoj
cd S3Khoj
make build
./S3Khoj -h

Once the installation is done, you can proceed to usage. For the demonstration, I created an S3 bucket and put some dump files containing secrets in it. You can see the exposure of sensitive files such as .env, Terraform state, and many more.

First, it determines whether the specified S3 bucket is public or private. It then continues and searches the bucket for sensitive files by pattern. Under the hood, it uses the AWS SDK to interact with the bucket and perform a series of checks and scans.
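The pattern-matching step described above can be reproduced offline against a listing taken from a bucket you manage. This is an added example, not S3Khoj's own code: the function name `FlagKeys`, the two regular expressions, and the sample listing are assumptions constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
)

// listing keeps only the object keys from an S3 ListBucketResult document.
type listing struct {
	Contents []struct {
		Key string `xml:"Key"`
	} `xml:"Contents"`
}

// Assumed patterns for this example; not S3Khoj's built-in list.
var sensitive = map[string]*regexp.Regexp{
	"dotenv":          regexp.MustCompile(`(^|/)\.env(\.[\w-]+)?$`),
	"terraform-state": regexp.MustCompile(`\.tfstate(\.backup)?$`),
}

// FlagKeys parses a bucket listing and returns pattern label -> matching keys.
func FlagKeys(doc []byte) (map[string][]string, error) {
	var l listing
	if err := xml.Unmarshal(doc, &l); err != nil {
		return nil, fmt.Errorf("parse listing: %w", err)
	}
	hits := make(map[string][]string)
	for _, obj := range l.Contents {
		for label, re := range sensitive {
			if re.MatchString(obj.Key) {
				hits[label] = append(hits[label], obj.Key)
			}
		}
	}
	return hits, nil
}

// Constructed sample listing; docs/environment.md must not be flagged.
const sampleListing = `<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Contents><Key>config/.env</Key></Contents>
  <Contents><Key>infra/terraform.tfstate</Key></Contents>
  <Contents><Key>docs/environment.md</Key></Contents>
</ListBucketResult>`

func main() {
	hits, err := FlagKeys([]byte(sampleListing))
	fmt.Println(hits, err)
}
```

Anchoring the `.env` pattern to a path boundary is what keeps names like `environment.md` out of the results; a bare substring match would flag them.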

For white box testing, we have AWS Macie, which can help us. This toolkit is perfect for black box testing. Start using S3Khoj today and take control of S3 bucket security. Happy searching with S3Khoj.