Giter Site home page Giter Site logo

angietechcafe / domain-protect Goto Github PK

View Code? Open in Web Editor NEW

This project forked from domain-protect/domain-protect

0.0 0.0 0.0 13.16 MB

OWASP Domain Protect - prevent subdomain takeover

Home Page: https://owasp.org/www-project-domain-protect/

License: Other

Shell 0.90% Python 68.16% HTML 0.48% Smarty 4.45% HCL 26.01%

domain-protect's Introduction

domain-protect

Release version Python 3.x License OWASP Manutiry

  • scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
  • scan Cloudflare for vulnerable DNS records
  • take over vulnerable subdomains yourself before attackers and bug bounty researchers
  • automatically create known issues in Bugcrowd or HackerOne
  • vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP

blog posts

conference and meetup talks

deploy to security audit account

Alt text

scan your entire AWS Organization

Alt text

take over vulnerable domains in security account

receive alerts by Slack or email

deploy in your AWS Organization using GitHub Actions

Alt text

or manually scan from your laptop

Alt text

documentation

Manual scans - AWS
Manual scans - CloudFlare
Architecture
Database
Reports
Automated takeover optional feature
Cloudflare optional feature
Bugcrowd optional feature
HackerOne optional feature
Vulnerability types
Vulnerable A records (IP addresses) optional feature
Requirements
Installation
Slack Webhooks
AWS IAM policies
CI/CD
Development
Code Standards
Automated Tests
Manual Tests

limitations

  • this tool cannot guarantee 100% protection against subdomain takeover
  • it currently only scans Amazon Route53 and Cloudflare, and only checks a limited number of takeover types
  • vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP

domain-protect's People

Contributors

altho1 avatar eramvn avatar paulschwarzenberger avatar ruddles avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.