Skip to content

Puneet8800/AWS_Subdomain_Takeover_Detector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

aws_subdomain_takeover_detector.py

aws_subdomain_takeover_detector.py

 
 

Repository files navigation

AWS_Subdomain_Takeover_Detector

Purpose

The purpose of this automation is to detect misconfigured Route53 entries which are vulnerable to subdomain takeover.

Deployment Options

  • AWS Lambda, Rundeck or any cron

Prerequisites

  • IAM role with a permission of route53("ListHostedZones", "ListResourceRecordSets", "ListDomains").

Configuration Steps

  • Configure IAM role with permission mention above in prerequisites.
  • Deploy it on any of the cron Lambda/rundeck.
  • In slack_alert() please put the incoming webhook url of slack channel.

Scans Amazon Route53 to identify:

  • Check alias records for CloudFront distributions with missing S3 origin, ElasticBeanstalk vulnerable aliaa record and S3 vulnerable Alias record.
  • Check CNAME records for CloudFront distributions with missing S3 origin, S3 vulnerable CNAME and ElasticBeanstalk vulnerable CNAME.
  • Check for NS subdomain takeover.

TODO

  • Slack Integration ---------> Done

About

This automation protect against subdomain takeover on AWS env which also send alerts on slack.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

12 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages