Packages and Binaries:


Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in.

The tool is organized as an Elastic Beanstalk (“EB”, not to be confused with EBS) application, and definitely won’t work if you try to run it on your own machine.

Dufflebag has a lot of moving pieces because it’s fairly nontrivial to actually read EBS volumes in practice. You have to be in an AWS environment, clone the snapshot, make a volume from the snapshot, attach the volume, mount the volume, etc… This is why it’s made as an Elastic Beanstalk app, so it can automagically scale up or down however much you like, and so that the whole thing can be easily torn down when you’re done with it.

Installed size: 5.90 MB
How to install: sudo apt install dufflebag

  • golang-any
  • golang-github-aws-aws-sdk-go-dev
  • golang-github-deckarep-golang-set-dev
  • golang-lukechampine-blake3-dev
  • make
  • sensible-utils
  • zip
root@kali:~# dufflebag -h
Usage: dufflebag AWS_REGION
Example: dufflebag us-east-1
Dufflebag can only operate in one AWS region at a time
If you want to search every region, you'll have to deploy several instances.
See also /usr/share/doc/dufflebag/

Updated on: 2022-Jul-26