Until now, security researchers and hackers could only access exposed cloud-stored information if they had the appropriate (and certainly highly complicated) tools. Now, to make the job easier, a group of anonymous hackers has created a website that allows anyone to easily dig into unsecured Amazon Web Services (AWS) servers. BuckHacker works much like the Google search engine, except that it returns information that owners may have mistakenly published online. It is a very helpful tool for testing the security measures employed by web servers without having to dive into the complicated world of cybersecurity.
In an email to Motherboard, one of the anonymous developers of BuckHacker said that the project was made with the purpose of “increase[ing] the awareness on bucket security” as “too many companies [are] having wrong permissions on buckets in the last years.”
The BuckHacker search engine lets anyone search for hackable servers by bucket name or filename. According to the anonymous developer, the website collects bucket names, grabs each bucket’s index page, parses the results and stores them in a database that users can then search.
We tried to access the website, but it is currently offline for maintenance, mainly because it is too unstable for use right now. Motherboard, though, was able to access the site before it was taken down for maintenance and confirmed in initial testing that it actually works.
“The project is still in a really super alpha stage (there are several bugs at the moment that we try to fix),” the anonymous BuckHacker developer added. “I was sharing the project privately with some friends but unfortunately then we go public before the time. Actually we are even thinking to shutdown it because is quite unstable.”
BuckHacker does not return results only for exposed servers. It also returns entries labeled “Access Denied” and “The specified bucket does not exist”. This could confirm whether the target is using Amazon’s services.
Unfortunately, we don’t have any details on when the website will be accessible to the public again, or whether it is coming back anytime soon.
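For teams auditing their own buckets, the three outcomes described above (a parsed index page, “Access Denied”, and “The specified bucket does not exist”) can be told apart from the XML body S3 returns for a bucket index request. The following is an added example, not BuckHacker's code; the bucket names and response bodies are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies, modelled on S3's XML responses to a bucket index request.
SAMPLES = {
    "example-open-bucket": (
        '<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
        "<Name>example-open-bucket</Name><IsTruncated>false</IsTruncated>"
        "<Contents><Key>backups/db.sql</Key><Size>1048576</Size></Contents>"
        "<Contents><Key>index.html</Key><Size>512</Size></Contents>"
        "</ListBucketResult>"
    ),
    "example-locked-bucket": "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>",
    "example-unused-name": "<Error><Code>NoSuchBucket</Code>"
                           "<Message>The specified bucket does not exist</Message></Error>",
    "example-not-s3": "<html><body>It works</body></html>",
}

ERROR_STATES = {"AccessDenied": "access_denied", "NoSuchBucket": "no_such_bucket"}

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]

def classify_index(body):
    """Return (state, keys) for one bucket index response body."""
    try:
        root = ET.fromstring(body)  # for bodies fetched from the network, consider defusedxml
    except ET.ParseError:
        return "unknown", []
    kind = _local(root.tag)
    if kind == "ListBucketResult":
        # Anonymous listing succeeded: every <Key> is an object name visible to anyone.
        return "publicly_listable", [e.text for e in root.iter() if _local(e.tag) == "Key"]
    if kind == "Error":
        code = next((e.text for e in root if _local(e.tag) == "Code"), None)
        return ERROR_STATES.get(code, "unknown"), []
    return "unknown", []

def audit(responses):
    """Map bucket name -> state, plus the exposed keys of listable buckets."""
    report = {}
    for name, body in responses.items():
        state, keys = classify_index(body)
        report[name] = {"state": state, "exposed_keys": keys}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(name, result)
```

A bucket reported as `publicly_listable` is the case to fix first; `access_denied` still confirms that the name exists on S3, which is the disclosure the article describes.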