This automation protect against subdomain takeover on AWS env which also send alerts on slack.

Related tags

Third-party APIs WrappersAWS_Subdomain_Takeover_Detector
Overview

AWS_Subdomain_Takeover_Detector

Purpose

The purpose of this automation is to detect misconfigured Route53 entries which are vulnerable to subdomain takeover.

Deployment Options

  • AWS Lambda, Rundeck or any cron

Prerequisites

  • IAM role with a permission of route53("ListHostedZones", "ListResourceRecordSets", "ListDomains").

Configuration Steps

  • Configure IAM role with permission mention above in prerequisites.
  • Deploy it on any of the cron Lambda/rundeck.
  • In slack_alert() please put the incoming webhook url of slack channel.

Scans Amazon Route53 to identify:

  • Check alias records for CloudFront distributions with missing S3 origin, ElasticBeanstalk vulnerable aliaa record and S3 vulnerable Alias record.
  • Check CNAME records for CloudFront distributions with missing S3 origin, S3 vulnerable CNAME and ElasticBeanstalk vulnerable CNAME.
  • Check for NS subdomain takeover.

TODO

  • Slack Integration ---------> Done
Owner
Puneet Kumar Maurya
I am a security engineer, who play CTF's, Skills: Application Security | Secure Code Review | AWS | ELK Stack | Terraform | Python | Go
Puneet Kumar Maurya
GitHub Repository
“Hey there 👋 I'm szrosebot .A Powerful, Smart And Simple Group Manager with some extra features..

A Powerful, Smart And Simple Group Manager szrose bot This is the clone of DewmiBotit is a Powerful, Smart And Simple Group Manager bot made by hiruna

slgeekshow 36 Oct 30, 2022
checks anilist for available usernames (200rq/s)

Anilist checker Running the program Set a path to the extracted files Install the packages with pip install -r req.txt Run the script by typing python

gxzs 1 Oct 13, 2021
Solves bombcrypto newest captcha

Solves Bombcrypto newest captcha A very compact implementation using just cv2 and ctypes, ready to be deployed to your own project. How does it work I

19 May 06, 2022
Widevine MPD Content Downloader & Decryptor

Widevine-DL Encrypted MPD Manifest Content Downloader + Decryptor (not a Widevine Key Extractor!) Requirements ffmpeg, yt-dlp, aria2, widevine-l3-decr

Vank0n (SJJeon) 170 Dec 30, 2022
Create custom Vanity URLs for Discord without 30 boosts

CustomVanity - Made by udp#6666 aka Apolo - OpenSource Custom Discord Vanity Creator How To Use Open CustomVanity.py Write your server invite code Wri

apolo 17 Aug 23, 2022
A Pluggable And Powerful Telegram Manager Bot

FRIDAY-USERBOT 🇮🇳 A Powerful, Smart And Simple Userbot In Pyrogram. Support 🚑 Inspiration & Credits Userge-X Userge Pokurt Pyrogram Code Owners Chs

DevsExpo 371 Mar 26, 2022
A Flask & Twilio Secret Santa app.

🎄 ✨ Secret Santa Twilio ✨ 📱 A contactless Secret Santa game built with Python, Flask and Twilio! Prerequisites 📝 A Twilio account. Sign up here ngr

Sangeeta Jadoonanan 5 Dec 23, 2021
8300-account-nuker - A simple accoutn nuker or can use it full closing dm and leaving server

8300 ACCOUNT NUKER VERISON: its just simple accoutn nuker or can use it full clo

†† 5 Jan 26, 2022
Autov2new - Pro Auto Filter Bot V2

Pro Auto Filter Bot V2 Deploy You can deploy this bot anywhere. Watch Deploying

1 Jan 06, 2022
This is a simple bot for running Python code through Discord

Python Code Runner Discord Bot This is a simple bot for running Python code through Discord. It was originally developed for the Beginner.Codes Discor

beginner.py 1 Feb 14, 2022
Exports saved posts and comments on Reddit to a csv file.

reddit-saved-to-csv Exports saved posts and comments on Reddit to a csv file. Columns: ID, Name, Subreddit, Type, URL, NoSFW ID: Starts from 1 and inc

70 Jan 02, 2023
Actively maintained, pure Python wrapper for the Twitter API. Supports both normal and streaming Twitter APIs.

Twython Twython is a Python library providing an easy way to access Twitter data. Supports Python 3. It's been battle tested by companies, educational

Ryan McGrath 1.9k Jan 02, 2023
Materials for the AMS 2022 Student Conference Python Workshop.

AMS 2022 Student Conference Python Workshop Let's talk MetPy! Here you will find a collection of notebooks we will be demonstrating and working throug

Unidata 4 Dec 13, 2022
This is a Innexia Chat Bot Open Source Code 🤬

⚡ Innexia ⚡ A Powerful, Smart And Simple Chat Bot ... Written with Python... Available on Telegram as @InnexiaChatBot ❤️ Support ⭐️ Thanks to everyone

Dark Cyber 4 Oct 02, 2022
💖 Telegram - Telethon - UserBot 💖

『᭙ꪖ᥅ƺẞø†』 🇮🇳 ⚡ ᭙ꪖ᥅ƺBot Is One Of The Fastest & Smoothest Bot On Telegram Based on Telethon ⚡ Status Of Bot Telegram 🏪 YouTube 📺 Dєρℓογ το нєяοκυ D

Team WarZ 1 Mar 28, 2022
Telegram 隨機色圖,支援每日自動爬取

Telegram 隨機色圖機器人 使用此原始碼的Bot 開放的隨機色圖機器人: @katonei_bot 已實現的功能 爬取每日R18排行榜 不夠色!再來一張 Tag 索引,指定Tag色圖 將爬取到的色圖轉為 WebP 格式儲存,節省空間 需要注意的事件 好久之前的怪東西,代碼質量不保證 請在使用A

cluckbird 15 Oct 18, 2021
A httpx token generator for discord [ hcaptcha bypass ]

Discord-Token-Generator-Yazato A httpx token generator for discord This generator was developed by Aced#0001, Dreamy Tos Follower#0001, Scripted#0131

23 Oct 26, 2021
My homeserver setup. Everything managed securely using Portainer.

homeserver-traefik-portainer Features: access all services with free TLS from letsencrypt using your own domain running a side project is super simple

Tomasz Wójcik 44 Jan 03, 2023
Celestial - a Python regex Discord chatbot who can talk with you.

Celestial a Python regex Discord chat bot who can talk with you. Invite url: https://discord.com/api/oauth2/authorize?client_id=927573556961869825&per

Jirayu Kaewsing 3 Jan 01, 2023
Invites link generator for telegram(made for channel referral links)

InviteLinkGen Invites link generator for telegram(for channel referral links) made for @HelakuruEsana channel Spotify Giveaway

Jaindu Charindith 7 Feb 01, 2022