InfoSecBulletin Cybersecurity for mankind
A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created AWS-Key-Hunter after discovering over 100 exposed AWS access keys, many with high privileges, in public repositories. He described these findings as “just waiting to be exploited” in his blog about the tool.
Leaked security keys can allow criminals to take over cloud accounts and access AWS resources. This can result in theft of computing power, illegal cryptocurrency mining, data breaches, ransom demands, and unauthorized changes to system settings.
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
CISA Warns Active Exploitation of Apple iOS Security Flaw
Massive IoT Data Breach Exposes 2.7 Billion Records
Real-Time Alerting via Discord Webhooks:
The tool uses Discord’s webhook API to send instant notifications to a set channel. When it detects valid credentials, AWS-Key-Hunter sends a POST request with repository metadata and partial key details.
Security teams can tailor alert thresholds and set up automated key rotation using AWS Lambda integrations.
To deploy AWS-Key-Hunter:
Generate GitHub personal access token with repo scope
Configure Discord webhook URL in .env
Launch via Docker
Build the Docker image:
Run the container:
