InfoSecBulletin Cybersecurity for mankind
A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created AWS-Key-Hunter after discovering over 100 exposed AWS access keys, many with high privileges, in public repositories. He described these findings as “just waiting to be exploited” in his blog about the tool.
Leaked security keys can allow criminals to take over cloud accounts and access AWS resources. This can result in theft of computing power, illegal cryptocurrency mining, data breaches, ransom demands, and unauthorized changes to system settings.
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
Real-Time Alerting via Discord Webhooks:
The tool uses Discord’s webhook API to send instant notifications to a set channel. When it detects valid credentials, AWS-Key-Hunter sends a POST request with repository metadata and partial key details.
Security teams can tailor alert thresholds and set up automated key rotation using AWS Lambda integrations.
To deploy AWS-Key-Hunter:
Generate GitHub personal access token with repo scope
Configure Discord webhook URL in .env
Launch via Docker
Build the Docker image:
Run the container:
