BuckHacker: A search tool that allows you to search leaky Amazon Web Services servers
The lives of hackers have just been made a lot easier, thanks to a tool created by anonymous hackers that allows security researchers and cybercriminals to search for sensitive information stored in the cloud.
The tool called BuckHacker scans servers at Amazon Web Services (AWS), a popular cloud computing platform that offers compute power, database storage, content delivery and other functionality to governments, universities and private firms, among others.
“The purpose of the project is to increase the awareness on bucket security, too many companies was [sic] hit for having wrong permissions on buckets in the last years,” one of the anonymous developers of BuckHacker told Motherboard in an email.
The search engine focuses specifically on Amazon’s Simple Storage Service (S3), whose servers, known as “buckets”, are the part of AWS that BuckHacker directly targets and accesses.
Users can search the hackable servers either by bucket name, which may include a company or organization name, or by filename. Basically, BuckHacker collects bucket names and index pages, breaks down the results and stores them in a database that can be searched by others. Besides returning results for exposed servers, it also returns the entries labeled “Access Denied” and “The specified deposit does not exist”.
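A bucket only serves an index page to outsiders when it grants list permission to the public, so the owner-side check is to look for that grant. The following is an added example, not code from BuckHacker or the original article: it inspects a bucket ACL (in the shape boto3's `get_bucket_acl` returns) and a bucket policy for public list access. The function name, bucket name and sample data are constructed for illustration.

```python
import json

# Predefined S3 group URIs that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
LIST_ACTIONS = {"s3:listbucket", "s3:list*", "s3:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_list_findings(bucket, acl, policy_json=None):
    """Return the reasons `bucket` can be listed publicly (hypothetical helper)."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        # READ on the bucket itself is the permission that allows listing keys.
        if who and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        is_public = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        # Listing is authorised on the bucket ARN, not on "bucket/*" object ARNs.
        on_bucket = any(r in ("*", f"arn:aws:s3:::{bucket}")
                        for r in _as_list(stmt.get("Resource", [])))
        # Statements with a Condition are skipped here and need manual review.
        if (stmt.get("Effect") == "Allow" and is_public and on_bucket
                and actions & LIST_ACTIONS and "Condition" not in stmt):
            findings.append(f"policy statement {stmt.get('Sid', '?')} allows public listing")
    return findings

# Constructed sample data for a bucket you own.
BUCKET = "example-corp-backups"
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}
LEAKY_ACL = {"Grants": [OWNER, {"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [OWNER]}
LIST_POLICY = json.dumps({"Statement": [{"Sid": "PublicList", "Effect": "Allow",
    "Principal": "*", "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}"}]})
OBJECT_ONLY_POLICY = json.dumps({"Statement": {"Sid": "PublicGet", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}})

if __name__ == "__main__":
    print(public_list_findings(BUCKET, LEAKY_ACL, LIST_POLICY))
```

The check covers the ACL and bucket policy only; it does not consider S3 Block Public Access settings, which can override both.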
“The project is still in a really super alpha stage (there are several bugs at the moment that we try to fix),” the BuckHacker developer added. “I was sharing the project privately with some friends but unfortunately then we go public before the time. Actually we are even thinking to shutdown it because is quite unstable.”
The search engine has now been taken offline, with the developers behind the BuckHacker site saying on Twitter: “Sorry guys, we are going offline for maintenance. We went online with the alpha version too early.”
Amazon has yet to comment on the issue.