OWASP Domain Protect – prevent subdomain takeover … with serverless cloud infrastructure
OWASP Domain Protect is a security solution that helps prevent subdomain takeover of websites. Subdomain takeover occurs when an attacker takes control of an unused or forgotten subdomain, which can then be used to launch attacks against the website and its users. This vulnerability has become increasingly common in recent years as more businesses move to cloud-based infrastructure and rely on third-party services.
With OWASP Domain Protect, businesses can protect their subdomains from takeover attempts. The solution continuously monitors DNS records for changes and immediately alerts the website owner if an unauthorized change is detected, so that only authorized personnel make changes to the domain’s DNS settings and potential takeover attempts are prevented.
One of the key benefits of OWASP Domain Protect is its serverless cloud infrastructure.
OWASP Global AppSec Dublin – talk and demo
Features
- scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
- scan Cloudflare for vulnerable DNS records
- take over vulnerable subdomains yourself before attackers or bug bounty researchers do
- automatically create known issues in Bugcrowd or HackerOne
- vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
- manual scans of cloud accounts with no installation
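The two record checks behind the scanning features above (dangling CNAME targets and A records pointing at IP addresses the organisation no longer holds), as an added example that is not code from the Domain Protect project. The zone data, the owned-IP inventory and the resolver are constructed so it runs offline; a real deployment would read the zone from the Route53 or Cloudflare API and do a live DNS lookup.

```python
"""Flag DNS records that may be vulnerable to subdomain takeover (added example)."""
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    value: str
    reason: str

# Hypothetical inventory of public IPs the organisation still owns
# (for AWS this would be the Elastic IPs allocated across the Organization).
OWNED_IPS = {"203.0.113.10", "203.0.113.11"}

def find_vulnerable_records(records: Iterable[dict], resolves: Callable[[str], bool],
                            owned_ips: set = OWNED_IPS) -> list:
    """records: dicts with name/type/value, like a flattened zone export.
    resolves(host): True if the hostname still resolves, False on NXDOMAIN."""
    findings = []
    for rec in records:
        rtype = rec["type"].upper()
        value = rec["value"].rstrip(".")
        if rtype == "CNAME" and not resolves(value):
            # Dangling CNAME: whoever can claim the missing target controls this name.
            # (A target that resolves but belongs to an unclaimed cloud resource
            # needs a service-specific check that this example does not attempt.)
            findings.append(Finding(rec["name"], rtype, value, "CNAME target does not resolve"))
        elif rtype == "A" and value not in owned_ips:
            # A record to an IP the organisation released can be answered by whoever
            # is allocated that IP next; allow-list known third-party IPs in practice.
            findings.append(Finding(rec["name"], rtype, value, "A record points to an IP not in inventory"))
    return findings

# Constructed sample zone plus a fake resolver standing in for a live DNS lookup.
SAMPLE_RECORDS = [
    {"name": "www.example.com", "type": "CNAME", "value": "live.example-cdn.invalid."},
    {"name": "old.example.com", "type": "CNAME", "value": "retired.example-storage.invalid."},
    {"name": "api.example.com", "type": "A", "value": "203.0.113.10"},
    {"name": "legacy.example.com", "type": "A", "value": "198.51.100.7"},
]
EXISTING_HOSTS = {"live.example-cdn.invalid"}

def fake_resolver(host: str) -> bool:
    return host in EXISTING_HOSTS

def scan_sample() -> list:
    return find_vulnerable_records(SAMPLE_RECORDS, fake_resolver)

if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f.name} {f.rtype} {f.value}: {f.reason}")
```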
Installation
- the simplest way to install is to use the separate Domain Protect Deploy repository with its GitHub Actions deployment workflow
- for other methods see Installation
Collaboration
We welcome collaborators! Please see the OWASP Domain Protect website for more details.
Documentation
- Manual scans – AWS
- Manual scans – CloudFlare
- Architecture
- Database
- Reports
- Automated takeover optional feature
- Cloudflare optional feature
- Bugcrowd optional feature
- HackerOne optional feature
- Vulnerability types
- Vulnerable A records (IP addresses) optional feature
- Requirements
- Installation
- Slack Webhooks
- AWS IAM policies
- CI/CD
- Development
- Code Standards
- Automated Tests
- Manual Tests
- Conference Talks and Blog Posts
Limitations
This tool cannot guarantee 100% protection against subdomain takeovers.