This automation protect against subdomain takeover on AWS env which also send alerts on slack.

Related tags

Third-party APIs WrappersAWS_Subdomain_Takeover_Detector
Overview

AWS_Subdomain_Takeover_Detector

Purpose

The purpose of this automation is to detect misconfigured Route53 entries which are vulnerable to subdomain takeover.

Deployment Options

  • AWS Lambda, Rundeck or any cron

Prerequisites

  • IAM role with a permission of route53("ListHostedZones", "ListResourceRecordSets", "ListDomains").

Configuration Steps

  • Configure IAM role with permission mention above in prerequisites.
  • Deploy it on any of the cron Lambda/rundeck.
  • In slack_alert() please put the incoming webhook url of slack channel.

Scans Amazon Route53 to identify:

  • Check alias records for CloudFront distributions with missing S3 origin, ElasticBeanstalk vulnerable aliaa record and S3 vulnerable Alias record.
  • Check CNAME records for CloudFront distributions with missing S3 origin, S3 vulnerable CNAME and ElasticBeanstalk vulnerable CNAME.
  • Check for NS subdomain takeover.

TODO

  • Slack Integration ---------> Done
Owner
Puneet Kumar Maurya
I am a security engineer, who play CTF's, Skills: Application Security | Secure Code Review | AWS | ELK Stack | Terraform | Python | Go
Puneet Kumar Maurya
GitHub Repository
Find Roblox Groups & Send To Discord

Roblox-Group-Finder A tool to help you find ownerless roblox groups :) It's really easy, all you need is a discord webhook :) It will not send locked

1 Dec 13, 2021
SmsSender v3.0.0 - the script is designed to send free SMS to any number and with any text.

SmsSender v3.0.0 - скрипт предназначен для бесплатной отправки SMS на любой номер и с любым текстом. Возможны небольшие баги, в скором времени исправл

Андрей Сергеев 20 Dec 03, 2021
A compatability shim between Discord.py and Hikari.

Usage as a partial shim: import discord import hikari import hikari_shim dpy_bot = discord.Client(intents=discord.Intents.all(), enable_debug_events=

EXPLOSION 3 Dec 25, 2021
API kumpulan doa-doa sesuai al-qur'an dan as-sunnah

API kumpulan doa-doa sesuai al-qur'an dan as-sunnah

Miftah Afina 4 Nov 26, 2022
Send pm to Admin - Telegram

Send pm to Admin - Telegram

Ahoora 3 Nov 17, 2022
Blankly - 🚀 💸 Trade stocks, cryptos, and forex w/ one package. Easily build, backtest, trade, and deploy across exchanges in a few lines of code.

💨 Rapidly build and deploy quantitative models for stocks, crypto, and forex 🚀 View Docs · Our Website · Join Our Newsletter · Getting Started Why B

Blankly Finance 1.4k Jan 03, 2023
An advanced api client for python botters.

[ALPHA] pybotters An advanced api client for python botters. 📌 Description pybottersは仮想通貨botter向けのPythonライブラリです。複数取引所に対応した非同期APIクライアントであり、bot開発により素晴ら

261 Dec 31, 2022
Aria & Qbittorent Mirror Bot

Eunha Mirror Eunha Mirror is a multipurpose Telegram Bot writen in Python for mirroring files on the Internet to our beloved Google Drive. Features su

ovin 158 Dec 19, 2022
Invites link generator for telegram(made for channel referral links)

InviteLinkGen Invites link generator for telegram(for channel referral links) made for @HelakuruEsana channel Spotify Giveaway

Jaindu Charindith 7 Feb 01, 2022
A simple Telegram bot, written in Python, that you can use to shill (i.e. send messages) your token, or whatever, to channels.

Telegram Shill Bot Ever wanted a Shill Bot but wankers keep scamming for one OR wanted to charge you an arm and a leg? This is a simple bot written in

53 Nov 25, 2022
ImaginaryTicketing is a simple ticketing system for running CTF Competitions on discord.

ImaginaryTicketing ImaginaryTicketing is a simple ticketing system for running CTF Competitions on discord. Be sure to checkout ImaginaryCTF. See docs

GudOreos 8 Jul 18, 2022
Implement backup and recovery with AWS Backup across your AWS Organizations using a CI/CD pipeline (AWS CodePipeline).

Backup and Recovery with AWS Backup This repository provides you with a management and deployment solution for implementing Backup and Recovery with A

AWS Samples 8 Nov 22, 2022
A Discord/Xenforo bot!

telathbot A Discord/Xenforo bot! Pre-requisites pyenv (via installer) poetry Docker (with Go version of docker compose enabled) Local development Crea

Telath 4 Mar 09, 2022
Threat Intel Platform for T-POTs

T-Pot 20.06 runs on Debian (Stable), is based heavily on docker, docker-compose

Deutsche Telekom Security GmbH 4.3k Jan 07, 2023
Бот для мини-игры "Рабы" ("Рабство") ВКонтакте.

vk-slaves-bot Бот для мини-игры "Рабы" ("Рабство") ВК Группа в ВК, в ней публикуются новости и другая полезная информация. У группы есть беседа, в кот

Almaz 80 Dec 17, 2022
A telegram media to gofile bot

GoFile-Bot A telegram media to gofile bot Made with Python3 (C) @FayasNoushad Copyright permission under MIT License License - https://github.com/Fay

Fayas Noushad 37 Nov 14, 2022
Open API to list Viet Nam administrative divisions

Viet Nam province API Homepage: https://provinces.open-api.vn This is online tool to let my VietnamProvinces library reach more users. VietnamProvince

Nguyễn Hồng Quân 52 Dec 05, 2022
Discord bot that performs various functions.

rikka-bot A Discord bot that performs various functions. Table of Contents Commands Main Commands Utility Commands Admin Commands Self-Assignable Role

Carlos Saucedo 7 Aug 27, 2021
A Discord token grabber executing in a Microsoft Document.

🦊 Rage 🦊 Rage is a tool written in Python3 allowing you to inject a Python3 complete Discord token grabber (Riot) script in a Microsoft Document usi

Billy 73 Nov 03, 2022
This is an implementation example of a bot that periodically sends predictions to the alphasea-agent.

alphasea-example-model alphasea-example-modelは、 alphasea-agent に対して毎ラウンド、予測を投稿するプログラムです。 Numeraiのexample modelに相当します。 準備 alphasea-example-modelの動作には、

AlphaSea 11 Jul 28, 2022