GithubHelp home page GithubHelp logo

cloudsecurity-aw / auditing_cloudjack Goto Github PK

View Code? Open in Web Editor NEW

This project forked from prevade/cloudjack

0.0 0.0 0.0 39 KB

auditing_Route53/CloudFront Vulnerability Assessment Utility

Home Page: https://www.prevade.com

License: GNU General Public License v3.0

Python 100.00%

auditing_cloudjack's Introduction

CloudJack

AWS Route53/CloudFront/S3 Vulnerability Assessment Utility

CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted CloudFront web distribution or 2) an active CloudFront web distribution with deleted CNAME(s).

If this decoupling is discovered by an attacker, they can simply create a CloudFront web distribution and/or CloudFront NAME(s) in their account that match the victim account's Route53 A record host name. Exploitation of this vulnerability results in the ability to spoof the victim's web site content, which otherwise would have been accessed through the victim's account.

CloudJacking video at Austin OWASP May 2018: https://www.youtube.com/watch?v=tMMpK0kd5H8

Requirements:

  1. AWS IAM access key ID and corresponding secret key

  2. AWS CLI installation configured with profile(s), access key ID(s), and secret key(s) in ~/.aws/credentials

     [default]
 aws_access_key_id=<ACCESS_KEY>
 aws_secret_access_key=<SECRET>

 and/or

 [myprofile]
 aws_access_key_id=<ACCESS_KEY>
 aws_secret_access_key=<SECRET>

  3. AWS IAM policy allowing Route53 ListHostedZones and ListResourceRecordSets actions

  4. AWS IAM policy allowing CloudFront ListDistributions actions

  5. Python and AWS SDK boto3 package

    • pip install boto3

Usage: $ python cloudjack.py -o [text|json] -p [profile]

Examples:

  • $ python cloudjack.py -o json -p default
  • $ python cloudjack.py -o text -p default
  • $ python cloudjack.py -o json -p myprofile
  • $ python cloudjack.py -o text -p myprofile

Wishlist:

  1. Assess S3/CloudFront decoupling
  2. Offensive reconnaissance and exploitation features

Notes:

Python3 now supported. Use cloudjack-p2.py for Python2.

References:

auditing_cloudjack's People

Contributors

bryanmcaninch avatar ha17 avatar andresriancho avatar joanbono-bf avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.