InfoSecBulletin Cybersecurity for mankind
A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created AWS-Key-Hunter after discovering over 100 exposed AWS access keys, many with high privileges, in public repositories. He described these findings as “just waiting to be exploited” in his blog about the tool.
Leaked security keys can allow criminals to take over cloud accounts and access AWS resources. This can result in theft of computing power, illegal cryptocurrency mining, data breaches, ransom demands, and unauthorized changes to system settings.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Real-Time Alerting via Discord Webhooks:
The tool uses Discord’s webhook API to send instant notifications to a set channel. When it detects valid credentials, AWS-Key-Hunter sends a POST request with repository metadata and partial key details.
Security teams can tailor alert thresholds and set up automated key rotation using AWS Lambda integrations.
To deploy AWS-Key-Hunter:
Generate GitHub personal access token with repo scope
Configure Discord webhook URL in .env
Launch via Docker
Build the Docker image:
Run the container:
