Skip to content

Protect against subdomain takeover

License

Notifications You must be signed in to change notification settings

brightcove/domain-protect

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OWASP Domain Protect

Version Python 3.x License OWASP Maturity

Prevent subdomain takeover ...

Alt text

... with serverless cloud infrastructure

Alt text

OWASP Global AppSec Dublin - talk and demo

Global AppSec Dublin 2023

Features

  • scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
  • scan Cloudflare for vulnerable DNS records
  • take over vulnerable subdomains yourself before attackers and bug bounty researchers
  • automatically create known issues in Bugcrowd or HackerOne
  • vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
  • manual scans of cloud accounts with no installation

Installation

Collaboration

We welcome collaborators! Please see the OWASP Domain Protect website for more details.

Documentation

Manual scans - AWS
Manual scans - CloudFlare
Architecture
Database
Reports
Automated takeover optional feature
Cloudflare optional feature
Bugcrowd optional feature
HackerOne optional feature
Vulnerability types
Vulnerable A records (IP addresses) optional feature
Requirements
Installation
Slack Webhooks
AWS IAM policies
CI/CD
Development
Code Standards
Automated Tests
Manual Tests
Conference Talks and Blog Posts

Limitations

This tool cannot guarantee 100% protection against subdomain takeovers.

About

Protect against subdomain takeover

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 73.0%
  • HCL 21.2%
  • Smarty 4.2%
  • Shell 1.1%
  • HTML 0.5%