Leaving private data on exposed AWS servers isn’t as rare as you might think. Security researchers and hackers can access such data with ease using appropriate tools. To make this process even easier, some developers have created a tool named BuckHacker, which lets one search for such exposed servers.
In the past, you must have read about Shodan–the hackers’ search engine. BuckHacker is another interesting tool that can be used to test the security measures employed by web servers without any prior expertise in the IT security field.
In an email to Motherboard, the anonymous devs underlined the inspiration behind this project. They aim to increase the security associated with the code repositories and projects. “Too many companies was [sic] hit for having wrong permissions on buckets in the last years,” they added.
This search engine lets one search for hackable servers using bucket name or by filename. Moreover, it also returns entries labeled as “Access Denied” and “The specified bucket does not exist.” This feature can confirm that the target is using Amazon’s services.
It collects bucket names and their index pages. The results are stored in a database, which can be searched later by other users. As per the devs, the project is currently in the early stages of development and it’s pretty unstable.
At the moment, there isn’t any information on BuckHacker’s launch or any other related details. In case we come across more relevant information, we’ll be updating this article. Stay tuned.