Protect against subdomain takeover

Overview

domain-protect

scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover

deploy to security audit account

Alt text

scan your entire AWS Organization

Alt text

receive alerts by Slack or email

or manually scan from your laptop

Alt text

subdomain detection functionality

  • scans Amazon Route53 Alias records to identify CloudFront distributions with missing S3 origin
  • scans Amazon Route53 CNAME records to identify CloudFront distributions with missing S3 origin
  • scans Amazon Route53 for ElasticBeanstalk Alias records vulnerable to takeover
  • scans Amazon Route53 for ElasticBeanstalk CNAMES vulnerable to takeover
  • scans Amazon Route53 for subdomain NS delegations vulnerable to takeover
  • scans Amazon Route53 for S3 Alias records vulnerable to takeover
  • scans Amazon Route53 for S3 CNAMES vulnerable to takeover
  • scans Amazon Route53 to discover vulnerable CNAME records for Azure resources
  • scans Amazon Route53 to discover vulnerable CNAME records for Google Cloud resources

options

  1. scheduled lambda functions with email and Slack alerts, across an AWS Organization, deployed using Terraform
  2. manual scans run from your laptop or CloudShell, in a single AWS account

notifications

  • Slack channel notification per vulnerability type, listing account names and vulnerable domains
  • Email notification in JSON format with account names, account IDs and vulnerable domains by subscribing to SNS topic

requirements

  • Security audit account within AWS Organizations
  • Security audit read-only role with an identical name in every AWS account of the Organization
  • Storage bucket for Terraform state file
  • Terraform 1.0.x

usage

  • replace the Terraform state S3 bucket fields in the command below as appropriate
  • for local testing, duplicate terraform.tfvars.example, rename without the .example suffix
  • enter details appropriate to your organization and save
  • alternatively enter Terraform variables within your CI/CD pipeline
terraform init -backend-config=bucket=TERRAFORM_STATE_BUCKET -backend-config=key=TERRAFORM_STATE_KEY -backend-config=region=TERRAFORM_STATE_REGION
terraform workspace new dev
terraform plan
terraform apply

AWS IAM policies

For least privilege access control, example AWS IAM policies are provided:

adding new checks

  • create a new subdirectory within the terraform-modules/lambda/code directory
  • add Python code file with same name as the subdirectory
  • add the name of the file without extension to var.lambdas in variables.tf
  • add a subdirectory within the terraform-modules/lambda/build directory, following the existing naming pattern
  • add a .gitkeep file into the new directory
  • update the .gitignore file following the pattern of existing directories
  • apply Terraform

adding notifications to extra Slack channels

  • add an extra channel to your slack_channels variable list
  • add an extra webhook URL or repeat the same webhook URL to your slack_webhook_urls variable list
  • apply Terraform

testing

  • use multiple Terraform workspace environments, e.g. dev, prd
  • use the slack_channels_dev variable for your dev environment to notify a test Slack channel
  • for new subdomain takeover categories, create correctly configured and vulnerable domain names in Route53
  • minimise the risk of malicious takeover by using a test domain, with domain names which are hard to enumerate
  • remove any vulnerable domains as soon as possible

ci/cd

  • infrastructure has been deployed using CircleCI
  • environment variables to be entered in CircleCI project settings:
ENVIRONMENT VARIABLE EXAMPLE VALUE / COMMENT
AWS_ACCESS_KEY_ID using domain-protect deploy policy
AWS_SECRET_ACCESS_KEY -
TERRAFORM_STATE_BUCKET tfstate48903
TERRAFORM_STATE_KEY domain-protect
TERRAFORM_STATE_REGION us-east-1
TF_VAR_org_primary_account 012345678901
TF_VAR_security_audit_role_name not needed if "domain-protect-audit" used
TF_VAR_external_id only required if External ID is configured
TF_VAR_slack_channels ["security-alerts"]
TF_VAR_slack_channels_dev ["security-alerts-dev"]
TF_VAR_slack_webhook_urls ["https://hooks.slack.com/services/XXX/XXX/XXX"]
  • to validate an updated CircleCI configuration:
docker run -v `pwd`:/whatever circleci/circleci-cli circleci config validate /whatever/.circleci/config.yml

limitations

  • this tool cannot guarantee 100% protection against subdomain takeover
  • it currently only scans Amazon Route53, and only checks a limited number of takeover types
You might also like...
Official implementation of "Open-set Label Noise Can Improve Robustness Against Inherent Label Noise" (NeurIPS 2021)

Open-set Label Noise Can Improve Robustness Against Inherent Label Noise NeurIPS 2021: This repository is the official implementation of ODNL. Require

This script runs neural style transfer against the provided content image.
This script runs neural style transfer against the provided content image.

Neural Style Transfer Content Style Output Description: This script runs neural style transfer against the provided content image. The content image m

Defending against Model Stealing via Verifying Embedded External Features
Defending against Model Stealing via Verifying Embedded External Features

Defending against Model Stealing Attacks via Verifying Embedded External Features This is the official implementation of our paper Defending against M

Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attacks

Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attacks Stable Neural ODE with Lyapunov-Stable Equilibrium

Fake-user-agent-traffic-geneator - Python CLI Tool to generate fake traffic against URLs with configurable user-agents
Fake-user-agent-traffic-geneator - Python CLI Tool to generate fake traffic against URLs with configurable user-agents

Fake traffic generator for Gartner Demo Generate fake traffic to URLs with custo

TargetAllDomainObjects - A python wrapper to run a command on against all users/computers/DCs of a Windows Domain
TargetAllDomainObjects - A python wrapper to run a command on against all users/computers/DCs of a Windows Domain

TargetAllDomainObjects A python wrapper to run a command on against all users/co

Repo for
Repo for "Benchmarking Robustness of 3D Point Cloud Recognition against Common Corruptions" https://arxiv.org/abs/2201.12296

Benchmarking Robustness of 3D Point Cloud Recognition against Common Corruptions This repo contains the dataset and code for the paper Benchmarking Ro

This automation protect against subdomain takeover on AWS env which also send alerts on slack.

AWS_Subdomain_Takeover_Detector Purpose The purpose of this automation is to detect misconfigured Route53 entries which are vulnerable to subdomain ta

Code for the prototype tool in our paper "CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning".

CoProtector Code for the prototype tool in our paper "CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning".

Automatic SQL injection and database takeover tool
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

Automatic SQL injection and database takeover tool
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

Automatic SQL injection and database takeover tool
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Subcert Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. Table of contents Setup Demo

A Flask application for Subdomain Enumeration

subdomainer-flask A Flask application for Subdomain Enumeration steps to be done git clone https://github.com/gokulapap/subdomainer-flask pip3 install

simple subdomain finder

Subdomain-finder Simple SubDomain finder using python which is easy to use just download and run it Wordlist you can use your own wordlist but here i

Checks for a 200 response from your subdomain list.

Check for available subdomains Written in Python, this terminal based application looks for a 200 response from the subdomain list you've provided. En

 Subdomain enumeration,Web scraping and finding usernames automation script written in python
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

A simple subdomain scanner in python

Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

A Tool for subdomain scan with other tools

ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac

Releases(0.3.3)
Owner
OVO Technology
OVO Technology
A project which aims to protect your privacy using inexpensive hardware and easily modifiable software

Protecting your privacy using an ESP32, an IR sensor and a python script This project, which I personally call the "never-gonna-catch-me-in-the-act-ev

null 8 Oct 10, 2022
Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

gts3.org (SSLab@Gatech) 55 Oct 25, 2022
Discord-Protect is a simple discord bot allowing you to have some security on your discord server by ordering a captcha to the user who joins your server.

Discord-Protect Discord-Protect is a simple discord bot allowing you to have some security on your discord server by ordering a captcha to the user wh

Tir Omar 2 Oct 28, 2021
Nest Protect integration for Home Assistant. This will allow you to integrate your smoke, heat, co and occupancy status real-time in HA.

Nest Protect integration for Home Assistant Custom component for Home Assistant to interact with Nest Protect devices via an undocumented and unoffici

Mick Vleeshouwer 175 Dec 29, 2022
Code for the paper: Adversarial Training Against Location-Optimized Adversarial Patches. ECCV-W 2020.

Adversarial Training Against Location-Optimized Adversarial Patches arXiv | Paper | Code | Video | Slides Code for the paper: Sukrut Rao, David Stutz,

Sukrut Rao 32 Dec 13, 2022
A certifiable defense against adversarial examples by training neural networks to be provably robust

DiffAI v3 DiffAI is a system for training neural networks to be provably robust and for proving that they are robust. The system was developed for the

SRI Lab, ETH Zurich 202 Dec 13, 2022
Defending graph neural networks against adversarial attacks (NeurIPS 2020)

GNNGuard: Defending Graph Neural Networks against Adversarial Attacks Authors: Xiang Zhang ([email protected]), Marinka Zitnik (marinka@hms.

Zitnik Lab @ Harvard 44 Dec 7, 2022
G-NIA model from "Single Node Injection Attack against Graph Neural Networks" (CIKM 2021)

Single Node Injection Attack against Graph Neural Networks This repository is our Pytorch implementation of our paper: Single Node Injection Attack ag

Shuchang Tao 18 Nov 21, 2022
RL-driven agent playing tic-tac-toe on starknet against challengers.

tictactoe-on-starknet RL-driven agent playing tic-tac-toe on starknet against challengers. GUI reference: https://pythonguides.com/create-a-game-using

null 21 Jul 30, 2022
Cards Against Humanity AI

cah-ai This is a Cards Against Humanity AI implemented using a pre-trained Semantic Search model. How it works A player is described by a combination

Alex Nichol 2 Aug 22, 2022