{"id":13757410,"url":"https://github.com/prevade/cloudjack","last_synced_at":"2025-05-10T05:32:02.434Z","repository":{"id":54196202,"uuid":"103496605","full_name":"prevade/cloudjack","owner":"prevade","description":"Route53/CloudFront Vulnerability Assessment Utility","archived":false,"fork":false,"pushed_at":"2023-09-11T18:01:59.000Z","size":39,"stargazers_count":84,"open_issues_count":0,"forks_count":23,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-16T13:35:07.513Z","etag":null,"topics":["aws","cloudfront","route53","vulnerability"],"latest_commit_sha":null,"homepage":"https://www.prevade.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prevade.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-09-14T06:50:42.000Z","updated_at":"2024-11-01T21:50:25.000Z","dependencies_parsed_at":"2024-01-18T13:04:59.953Z","dependency_job_id":"3ab79774-23f6-4894-a8b0-04bef23c92ff","html_url":"https://github.com/prevade/cloudjack","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prevade%2Fcloudjack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prevade%2Fcloudjack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prevade%2Fcloudjack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prevade%2Fcloudjack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prevade","download_url":"https://codeload.git
hub.com/prevade/cloudjack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253371075,"owners_count":21897998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudfront","route53","vulnerability"],"created_at":"2024-08-03T12:00:37.052Z","updated_at":"2025-05-10T05:32:02.188Z","avatar_url":"https://github.com/prevade.png","language":"Python","readme":"# CloudJack \n\n### AWS Route53/CloudFront/S3 Vulnerability Assessment Utility\n\nCloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted CloudFront web distribution or 2) an active CloudFront web distribution with deleted CNAME(s).\n\nIf this decoupling is discovered by an attacker, they can simply create a CloudFront web distribution and/or CloudFront CNAME(s) in their account that match the victim account's Route53 A record host name. Exploitation of this vulnerability results in the ability to spoof the victim's web site content, which otherwise would have been accessed through the victim's account.\n\nCloudJacking video at Austin OWASP May 2018: https://www.youtube.com/watch?v=tMMpK0kd5H8\n\nRequirements:\n\n1. AWS IAM access key ID and corresponding secret key\n2. 
AWS CLI installation configured with profile(s), access key ID(s), and secret key(s) in ~/.aws/credentials\n\n        [default]\n        aws_access_key_id=\u003cACCESS_KEY\u003e\n        aws_secret_access_key=\u003cSECRET\u003e\n\n        and/or\n\n        [myprofile]\n        aws_access_key_id=\u003cACCESS_KEY\u003e\n        aws_secret_access_key=\u003cSECRET\u003e\n\n3. AWS IAM policy allowing Route53 ListHostedZones and ListResourceRecordSets actions\n4. AWS IAM policy allowing CloudFront ListDistributions actions\n5. Python and AWS SDK boto3 package\n    - pip install boto3\n\nUsage:\n    $ python cloudjack.py -o [text|json] -p [profile]\n\nExamples:\n   - $ python cloudjack.py -o json -p default\n   - $ python cloudjack.py -o text -p default\n   - $ python cloudjack.py -o json -p myprofile\n   - $ python cloudjack.py -o text -p myprofile\n\n   Wishlist:\n\n   1. Assess S3/CloudFront decoupling\n   2. Offensive reconnaissance and exploitation features\n\nNotes:\n\nPython3 now supported. Use cloudjack-p2.py for Python2.\n\nReferences:\n\n- http://docs.aws.amazon.com/Route53/latest/APIReference/API_ListHostedZones.html\n- http://docs.aws.amazon.com/Route53/latest/APIReference/API_ListResourceRecordSets.html\n- http://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributions.html\n- http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html\n","funding_links":[],"categories":["Other Awesome Lists","0x02 工具 :hammer_and_wrench:"],"sub_categories":["Subdomain Takeover","1 云服务工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprevade%2Fcloudjack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprevade%2Fcloudjack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprevade%2Fcloudjack/lists"}