Dufflebag
Dufflebag searches public AWS Elastic Block Storage (EBS) snapshots for accidentally exposed secrets. It operates as an Elastic Beanstalk application within an AWS environment.
Description
Dufflebag is designed to identify secrets left in exposed EBS snapshots that may have been accidentally made public. These snapshots can contain sensitive information if proper access controls were not applied during their creation or sharing.
The tool is structured as an Elastic Beanstalk (EB) application rather than a standalone binary, enabling it to handle the complex process of accessing EBS volumes in AWS. This deployment model allows automatic scaling and easy teardown after use.
Use cases include security assessments of cloud infrastructure, reconnaissance for exposed data, and compliance audits for AWS environments where public snapshots might leak credentials or other secrets.
How It Works
Dufflebag automates the nontrivial process of reading EBS snapshots: cloning the snapshot, creating a volume, attaching it to an instance, mounting the volume, and scanning for secrets. Deployed as an Elastic Beanstalk app, it operates within AWS to leverage native services for volume manipulation. It processes one AWS region per instance.
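The same public-snapshot condition Dufflebag hunts for can be checked from the owning account's side. The following is an added example, not Dufflebag's own code; it assumes the response shapes of boto3's EC2 `describe_snapshots` and `describe_snapshot_attribute` calls and uses constructed sample data so the core check runs offline:

```python
# Added example (not Dufflebag's code): audit your own account's EBS snapshots
# for the public createVolumePermission grant Dufflebag looks for. Assumes the
# response shapes of boto3's EC2 describe_snapshots / describe_snapshot_attribute.
from typing import Dict, Iterable, List


def is_public(create_volume_permissions: Iterable[dict]) -> bool:
    # A snapshot is public when the special group 'all' may create volumes from it.
    return any(p.get("Group") == "all" for p in create_volume_permissions)


def find_public_snapshots(snapshots: Iterable[dict],
                          permissions_by_id: Dict[str, List[dict]]) -> List[str]:
    # snapshots: describe_snapshots()['Snapshots']; permissions_by_id maps a
    # SnapshotId to describe_snapshot_attribute(...)['CreateVolumePermissions'].
    return sorted(s["SnapshotId"] for s in snapshots
                  if is_public(permissions_by_id.get(s["SnapshotId"], [])))


# Constructed sample data in the same shapes (snapshot ids are made up).
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0example0001", "Description": "db backup"},
    {"SnapshotId": "snap-0example0002", "Description": "web root"},
    {"SnapshotId": "snap-0example0003", "Description": "shared with partner"},
]
SAMPLE_PERMISSIONS = {
    "snap-0example0001": [],                            # private
    "snap-0example0002": [{"Group": "all"}],            # public: anyone can clone it
    "snap-0example0003": [{"UserId": "123456789012"}],  # shared with one account only
}


def audit_region(region: str) -> List[str]:
    # Live check of one region; needs AWS credentials and the boto3 package.
    import boto3  # imported here so the offline sample needs no AWS SDK
    ec2 = boto3.client("ec2", region_name=region)
    snaps = [s for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"])
             for s in page["Snapshots"]]
    perms = {s["SnapshotId"]: ec2.describe_snapshot_attribute(
                 SnapshotId=s["SnapshotId"], Attribute="createVolumePermission"
             )["CreateVolumePermissions"] for s in snaps}
    return find_public_snapshots(snaps, perms)


if __name__ == "__main__":
    print("public in sample:", find_public_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_PERMISSIONS))
```

Run `audit_region("us-east-1")` (or any region) with credentials in place to list the snapshots in your own account that anyone can clone; the sample data flags only `snap-0example0002`.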
Installation
sudo apt install dufflebag
Flags
Examples
dufflebag us-east-1
dufflebag us-west-2
dufflebag eu-west-1
dufflebag ap-southeast-1
dufflebag -h
cat /usr/share/doc/dufflebag/README.md