Are you a bug bounty hunter on a mission to uncover vulnerabilities and secrets hidden within Amazon Web Services (AWS)? In the world of cybersecurity, AWS is a treasure trove for potential security issues, and today, I want to share my journey of discovery using two powerful tools: Trufflehog and Enumerate-IAM.

Trufflehog: Digging for AWS Secrets

As bug bounty hunters, one of our primary objectives is to uncover sensitive information such as AWS API keys, passwords, or other secrets. Trufflehog is a remarkable open-source tool designed for precisely this purpose. It specializes in searching for AWS secrets buried deep within code repositories. Here’s how I put it to work:

1. **Installation**: Start by installing Trufflehog, which is a Python-based tool. You can find the installation instructions on its GitHub repository.

2. **Scanning Repositories**: Trufflehog allows you to scan entire code repositories, including commit histories. It performs a deep and thorough search for potential AWS secrets.

3. **Understanding the Results**: After running Trufflehog, you’ll receive a report of any discovered secrets. This can be a goldmine for bug bounty hunters, as you may uncover valid AWS API keys, tokens, or other sensitive data that could lead to security rewards.
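To make concrete what a scanner like Trufflehog is looking for, here is an added example (my own code, not from the original post or from the Trufflehog project) of the two techniques such tools combine: a fixed-prefix regex for AWS access key IDs, and a Shannon-entropy filter for the secret access key, which has no prefix and would otherwise be confused with any other 40-character token such as a git commit hash. It works on any text, whether a repository file or a front-end JS bundle. The sample input is constructed, the key pair is the placeholder credential from AWS documentation, and the 4.0 bits-per-character threshold and the 5-line pairing distance are values I chose for the example.

```python
import math
import re

# Constructed sample input (not from the original post): a fragment of a
# front-end JS bundle with a hard-coded credential pair. The key values are the
# placeholder credentials used in AWS documentation, not live secrets. The
# commit hash is an invented 40-char hex string included as a decoy.
SAMPLE_JS = """\
const region = "us-east-1";
const commit = "3f786850e387550fdab836ed7e6dc881de23001b";
const client = new S3Client({
  credentials: {
    accessKeyId: "AKIAIOSFODNN7EXAMPLE",
    secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  },
});
"""

# Access key IDs carry a fixed prefix: AKIA for long-term IAM user keys,
# ASIA for temporary STS credentials, followed by 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# Secret access keys are 40 characters from a base64-like alphabet with no
# prefix, so a regex alone over-matches (SHA-1 digests are also 40 chars).
SECRET_CANDIDATE_RE = re.compile(
    r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])"
)


def shannon_entropy(s: str) -> float:
    """Bits per character. A random 40-char base64 string typically scores
    above 4.5; a 40-char hex digest can never reach log2(16) = 4.0."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_aws_credentials(text: str, min_entropy: float = 4.0) -> list[dict]:
    """Return findings {type, value, line} for access key IDs and for
    high-entropy 40-char strings that look like secret access keys."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"type": "aws_access_key_id",
                             "value": m.group(1), "line": lineno})
        for m in SECRET_CANDIDATE_RE.finditer(line):
            candidate = m.group(1)
            # Entropy threshold (assumed value) drops hashes and other
            # low-variety tokens that merely have the right length.
            if shannon_entropy(candidate) >= min_entropy:
                findings.append({"type": "aws_secret_access_key_candidate",
                                 "value": candidate, "line": lineno})
    return findings


def redact(value: str) -> str:
    """Keep only the first 4 chars so a report identifies the key without repeating it."""
    return value[:4] + "*" * (len(value) - 4)


def paired_credentials(findings: list[dict], max_distance: int = 5) -> list[tuple[str, str]]:
    """Pair each access key ID with a secret candidate found within a few
    lines of it; a complete pair is what actually grants access."""
    ids = [f for f in findings if f["type"] == "aws_access_key_id"]
    secrets = [f for f in findings if f["type"] == "aws_secret_access_key_candidate"]
    return [(i["value"], s["value"])
            for i in ids for s in secrets
            if abs(i["line"] - s["line"]) <= max_distance]


if __name__ == "__main__":
    found = find_aws_credentials(SAMPLE_JS)
    for f in found:
        print(f"line {f['line']}: {f['type']} {redact(f['value'])}")
    for key_id, secret in paired_credentials(found):
        print(f"complete credential pair: {redact(key_id)} / {redact(secret)}")
```

Run against the constructed bundle, the scanner reports the access key ID on line 5 and the secret on line 6, pairs them, and rejects the commit hash on line 2 because hex cannot exceed 4 bits of entropy per character. The same function is a reasonable pre-commit check: if it returns any pair, refuse the commit.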

Enumerate-IAM: Validating AWS Permissions

Once you’ve found potential AWS secrets using Trufflehog, the next step is to validate their permissions with Enumerate-IAM. This tool focuses on analyzing AWS Identity and Access Management (IAM) policies, helping you understand what these keys can do.

Here’s how Enumerate-IAM plays a crucial role in your bug bounty journey:

1. **Installation**: Enumerate-IAM is also a Python-based tool. Follow the installation instructions on its GitHub repository to get started.

https://github.com/andresriancho/enumerate-iam

2. **Interrogating IAM Policies**: Enumerate-IAM allows you to examine AWS IAM policies associated with discovered secrets. By analyzing these policies, you can determine the extent of the damage these secrets can potentially cause.

3. **Mitigation and Reporting**: Armed with the knowledge of what the AWS secrets can access, you can take appropriate steps to report and mitigate the security risks, potentially earning bug bounty rewards in the process.

How I used Trufflehog and Enumerate-IAM and found a vulnerability on a bug bounty target

1. Install the Trufflehog browser extension: https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc

2. Browse the target application. If the extension identifies any secret, it will alert you.

Trufflehog browser extension alert when a secret is identified

3. Go to the target .js file and manually identify the AWS API key.

4. Check what the key can do with enumerate-iam (https://github.com/andresriancho/enumerate-iam) using the command (the flags take a double dash):

```shell
python3 enumerate-iam.py --access-key AKIAR4YEYRJLZOfgfg --secret-key y+7bE9B322e5STEmK9dAwJVf/N9maN4eQ5h1gfg
```

enumerate-iam tool in action
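The flip side of the Enumerate-IAM step above, and of the permission-validation role described for the tool earlier, is what the account owner sees: enumerate-iam first calls sts GetCallerIdentity and then fires a long list of list/describe calls across many services, most of which CloudTrail records as denied. That pattern is easy to detect. The following is an added example (my own code, not from the post or from the enumerate-iam project) of a detector over CloudTrail-shaped records: it flags any access key that makes many distinct API calls in a short window with most of them refused. The events are constructed, the key IDs are AWS documentation placeholders, and the window of 5 minutes, the threshold of 10 distinct calls and the 50% denial ratio are values I chose.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# CloudTrail error codes that mean the call was made but refused. Services spell
# the denial differently, so match a small set rather than one string.
DENIED_CODES = {
    "AccessDenied",
    "AccessDeniedException",
    "Client.UnauthorizedOperation",
    "UnauthorizedOperation",
    "AuthorizationError",
}


def make_event(ts, key_id, source, name, error=None, ip="203.0.113.7"):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    ev = {
        "eventTime": ts,
        "eventSource": source,
        "eventName": name,
        "userIdentity": {"type": "IAMUser", "accessKeyId": key_id},
        "sourceIPAddress": ip,
    }
    if error:
        ev["errorCode"] = error
    return ev


# Key 1 (AWS documentation placeholder ID): identity check, then a burst of
# distinct read-only calls across services, most denied. Key 2: a normal workload.
LEAKED_KEY = "AKIAIOSFODNN7EXAMPLE"
APP_KEY = "AKIAI44QH8DHBEXAMPLE"
_ENUM_CALLS = [
    ("sts.amazonaws.com", "GetCallerIdentity", None),
    ("s3.amazonaws.com", "ListBuckets", None),
    ("ec2.amazonaws.com", "DescribeInstances", "Client.UnauthorizedOperation"),
    ("iam.amazonaws.com", "ListUsers", "AccessDenied"),
    ("iam.amazonaws.com", "GetUser", "AccessDenied"),
    ("lambda.amazonaws.com", "ListFunctions20150331", "AccessDeniedException"),
    ("dynamodb.amazonaws.com", "ListTables", "AccessDeniedException"),
    ("secretsmanager.amazonaws.com", "ListSecrets", "AccessDeniedException"),
    ("rds.amazonaws.com", "DescribeDBInstances", "AccessDenied"),
    ("sns.amazonaws.com", "ListTopics", "AuthorizationError"),
    ("sqs.amazonaws.com", "ListQueues", "AccessDenied"),
    ("kms.amazonaws.com", "ListKeys", "AccessDeniedException"),
    ("cloudtrail.amazonaws.com", "DescribeTrails", "AccessDeniedException"),
]
SAMPLE_EVENTS = [
    make_event(f"2023-09-01T10:00:{2 * i:02d}Z", LEAKED_KEY, src, name, err)
    for i, (src, name, err) in enumerate(_ENUM_CALLS)
] + [
    make_event(f"2023-09-01T10:{i:02d}:00Z", APP_KEY, "s3.amazonaws.com",
               "PutObject" if i % 4 == 0 else "GetObject",
               "NoSuchKey" if i == 5 else None, ip="10.0.1.25")
    for i in range(8)
]


def _t(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_enumeration(events, window=timedelta(minutes=5),
                       min_distinct=10, min_denied_ratio=0.5):
    """Flag an access key that makes many distinct API calls inside `window`
    with most of them denied. One alert per key, describing the window with
    the most distinct calls. Thresholds are assumed values for this example."""
    by_key = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key:
            by_key[key].append(ev)

    alerts = []
    for key, evs in by_key.items():
        evs.sort(key=_t)
        best, start = None, 0
        for end in range(len(evs)):
            while _t(evs[end]) - _t(evs[start]) > window:   # slide the window
                start += 1
            span = evs[start:end + 1]
            distinct = {(e["eventSource"], e["eventName"]) for e in span}
            denied = sum(1 for e in span if e.get("errorCode") in DENIED_CODES)
            if best is None or len(distinct) > best["distinct_calls"]:
                best = {
                    "distinct_calls": len(distinct), "denied": denied, "total": len(span),
                    "first_event": span[0]["eventTime"],
                    "source_ips": sorted({e["sourceIPAddress"] for e in span}),
                    # enumerate-iam starts with an identity lookup; a useful corroborating signal
                    "identity_check": any(e["eventName"] == "GetCallerIdentity" for e in span),
                }
        if (best and best["distinct_calls"] >= min_distinct
                and best["denied"] / best["total"] >= min_denied_ratio):
            alerts.append({"accessKeyId": key, **best})
    return alerts


if __name__ == "__main__":
    for a in detect_enumeration(SAMPLE_EVENTS):
        print(f"possible credential enumeration with {a['accessKeyId']}: "
              f"{a['distinct_calls']} distinct calls, {a['denied']}/{a['total']} denied, "
              f"from {a['source_ips']} starting {a['first_event']}")
```

On the constructed events only the leaked key is flagged (13 distinct calls, 11 denied, within 24 seconds, from an IP the application never uses); the application key with its handful of GetObject/PutObject calls and one NoSuchKey error is not. In a real pipeline the alert is the trigger to deactivate the key (`aws iam update-access-key --access-key-id <id> --status Inactive`) and rotate it, then to find where it leaked, which is what the Trufflehog scan earlier in this post answers.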

For a practical PoC demonstration, please watch my video below.

Conclusion

As bug bounty hunters, we rely on tools like Trufflehog and Enumerate-IAM to assist us in our quest for uncovering security vulnerabilities and secrets within AWS. These tools not only help us identify potential issues but also enable us to assess the risks associated with the exposed secrets.

Remember, while these tools are invaluable, responsible disclosure and ethical hacking practices are essential in the bug bounty community. Always follow the guidelines set by the organizations you are investigating, and report your findings responsibly.

In the ever-evolving world of cybersecurity, bug bounty hunters are the unsung heroes, working diligently to make the digital landscape safer. By adding Trufflehog and Enumerate-IAM to your toolkit, you can enhance your ability to discover and validate AWS secrets, ultimately contributing to a more secure online environment and earning rewards along the way. Happy hunting!