[go: nahoru, domu]
Skip to content

domain-protect/domain-protect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

665 Commits
.config
.config
 
 
.github
.github
 
 
aws-iam-policies
aws-iam-policies
 
 
build
build
 
 
docs
docs
 
 
integration_tests
integration_tests
 
 
lambda_code
lambda_code
 
 
manual_scans
manual_scans
 
 
scripts/lambda-build
scripts/lambda-build
 
 
terraform-modules
terraform-modules
 
 
unittests
unittests
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
backend.tf
backend.tf
 
 
locals.tf
locals.tf
 
 
main.tf
main.tf
 
 
provider.tf
provider.tf
 
 
pyproject.toml
pyproject.toml
 
 
pytest.ini
pytest.ini
 
 
requirements-dev.txt
requirements-dev.txt
 
 
terraform.tfvars.example
terraform.tfvars.example
 
 
variables.tf
variables.tf
 
 

Repository files navigation

OWASP Domain Protect

Version Python 3.x License OWASP Maturity

Prevent subdomain takeover ...

Alt text

... with serverless cloud infrastructure

Alt text

OWASP Global AppSec Dublin - talk and demo

Global AppSec Dublin 2023

Features

  • scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
  • scan Cloudflare for vulnerable DNS records
  • take over vulnerable subdomains yourself before attackers and bug bounty researchers
  • automatically create known issues in Bugcrowd or HackerOne
  • vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
  • manual scans of cloud accounts with no installation

Installation

Collaboration

We welcome collaborators! Please see the OWASP Domain Protect website for more details.

Documentation

Manual scans - AWS
Manual scans - CloudFlare
Architecture
Database
Reports
Automated takeover optional feature
Cloudflare optional feature
Bugcrowd optional feature
HackerOne optional feature
Vulnerability types
Vulnerable A records (IP addresses) optional feature
Requirements
Installation
Slack Webhooks
AWS IAM policies
CI/CD
Development
Code Standards
Automated Tests
Manual Tests
Conference Talks and Blog Posts

Limitations

This tool cannot guarantee 100% protection against subdomain takeovers.

About

OWASP Domain Protect - prevent subdomain takeover

owasp.org/www-project-domain-protect/

Topics

dns aws security serverless terraform owasp cloudflare bugbounty security-tools

Resources

Readme

License

View license
Activity
Custom properties

Stars

392 stars

Watchers

12 watching

Forks

62 forks
Report repository

Releases 17

0.4.8 Latest
May 23, 2024
+ 16 releases

Contributors 13

Languages