This automation protect against subdomain takeover on AWS env which also send alerts on slack.

Related tags

Third-party APIs WrappersAWS_Subdomain_Takeover_Detector
Overview

AWS_Subdomain_Takeover_Detector

Purpose

The purpose of this automation is to detect misconfigured Route53 entries which are vulnerable to subdomain takeover.

Deployment Options

  • AWS Lambda, Rundeck or any cron

Prerequisites

  • IAM role with a permission of route53("ListHostedZones", "ListResourceRecordSets", "ListDomains").

Configuration Steps

  • Configure IAM role with permission mention above in prerequisites.
  • Deploy it on any of the cron Lambda/rundeck.
  • In slack_alert() please put the incoming webhook url of slack channel.

Scans Amazon Route53 to identify:

  • Check alias records for CloudFront distributions with missing S3 origin, ElasticBeanstalk vulnerable aliaa record and S3 vulnerable Alias record.
  • Check CNAME records for CloudFront distributions with missing S3 origin, S3 vulnerable CNAME and ElasticBeanstalk vulnerable CNAME.
  • Check for NS subdomain takeover.

TODO

  • Slack Integration ---------> Done
Owner
Puneet Kumar Maurya
I am a security engineer, who play CTF's, Skills: Application Security | Secure Code Review | AWS | ELK Stack | Terraform | Python | Go
Puneet Kumar Maurya
GitHub Repository
Wrapper around the Mega API

python-mega Overview Wrapper around the Mega API. Based on the work of Julien Marchand. Installation Install using pip, including any optional package

Juan Riaza 104 Nov 26, 2022
A simple google translator telegram bot version 2

Translator-Bot-V2 A simple google translator telegram bot version 2 Made with Python3 (C) @FayasNoushad Copyright permission under MIT License License

Fayas Noushad 15 Oct 21, 2022
This is a very simple botnet with a CnC server, made by me. Feel free to change anything

This is a very simple botnet with a CnC server, made by me. Feel free to change anything

8 Nov 12, 2022
Fetch the details of assets hosted on AWS.

onaws onaws is a simple tool to check if an IP/hostname belongs to the AWS IP space or not. It uses the AWS IP address ranges data published by AWS to

Amal Murali 80 Dec 29, 2022
Simple Discord Nuke Bot.

Discord-Nuke-Bot Simple Discord Nuke Bot. Simple Discord Nuke Bot Python 3.6 - 3.8 Features Delete Channels Ban All Members Delete Roles Create Channe

9X4N 6 Aug 16, 2022
The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian accounts leaked

TelegramDatabase About The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian account

Hamed Mohammadvand 10 Jan 14, 2022
TON Miner from TON-Pool.com

TON-Pool Miner Miner from TON-Pool.com

21 Nov 18, 2022
A Python library wrapping the iFixit (Dozuki) API.

A Python library wrapping the iFixit API. Status Working, but incomplete. Fully tested and documented. Hacking I highly recommend using virtualenv: [$

James Pearson Hughes 13 May 24, 2021
Change Discord HypeSquad in few seconds!

a simple python script that change your hypesquad to what house you choose

Ho3ein 5 Nov 16, 2022
HinamiRobot - Telegram Group Manager Bot Written In Python Using Pyrogram

✨ HINAMI CHAN ✨ Telegram Group Manager Bot Written In Python Using Pyrogram. Rea

DARK LEGEND088 2 Jan 27, 2022
Python based Spotify account generator.

Spotify Account Generator Python based Spotify account generator. Installation Download the latest release, open command prompt in the folder, run pip

polo 5 Dec 27, 2022
An API wrapper for convertio.co written in Python.

An API wrapper for convertio.co written in Python.

Moonrise 9 Sep 27, 2022
This program is an automated trading bot that uses TDAmeritrades Thinkorswim trading platform's scanners and alerts system.

Python Trading Bot w/ Thinkorswim Description This program is an automated trading bot that uses TDAmeritrades Thinkorswim trading platform's scanners

Trey Thomas 201 Jan 03, 2023
Bitcoin-chance-wheel - Try your luck at getting bitcoins

Program Features - ✍️ Why did we name this tool the Lucky Wheel? - ✍️ This tool

hack4lx 20 Dec 22, 2022
Ein PY-Skript, mit dem tiled-Editor-Maps bearbeitet werden

tilesetCopyrighter Ein PY-Skript, mit dem tiled-Editor-Maps bearbeitet werden können fügt je Tileset eine custom-Property tilesetCopyright (string) hi

1 Dec 26, 2021
Share your files on local network just by one click.

Share Your Folder This script helps you to share any folder anywhere on your local network. it's possible to use the script on both: Windows (Click he

Mehran Seifalinia 15 Oct 23, 2022
Notflix - Notion / Netflix and IMDb to organise your movie dates. Happy Valentine <3 from 0x1za

Welcome to notflix 👋 This is a project to help organise shows to watch with my

Mwiza Ed' Simbeye 3 Feb 15, 2022
Hassium Server Manager For Python

Hassium Server Manager This is meant to be a tool for mostly internal use. I decided that I would make it open souce in case anyone wanted to use it.

0 Nov 24, 2022
ro.py is a modern, asynchronous Python 3 wrapper for the Roblox API.

GitHub | Discord | PyPI | Documentation | Examples | License Overview Welcome to ro.py! ro.py is an asynchronous, object-oriented wrapper for the Robl

ro.py 81 Dec 26, 2022
twitter bot tha uses tweepy library class to connect to TWITTER API

TWITTER-BOT-tweepy- twitter bot that uses tweepy library class to connect to TWITTER API replies to mentions automatically and follows the tweet.autho

Muziwandile Nkomo 2 Jan 08, 2022