Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/domain-protect/domain-protect
OWASP Domain Protect - prevent subdomain takeover
aws bugbounty cloudflare dns owasp security security-tools serverless terraform
Last synced: 23 days ago
- Host: GitHub
- URL: https://github.com/domain-protect/domain-protect
- Owner: domain-protect
- License: other
- Created: 2021-05-10T07:44:00.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-02T20:48:49.000Z (4 months ago)
- Last Synced: 2024-08-04T19:49:57.348Z (4 months ago)
- Topics: aws, bugbounty, cloudflare, dns, owasp, security, security-tools, serverless, terraform
- Language: Python
- Homepage: https://owasp.org/www-project-domain-protect/
- Size: 18.8 MB
- Stars: 388
- Watchers: 11
- Forks: 62
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
- awesome-hacking-lists - domain-protect/domain-protect - OWASP Domain Protect - prevent subdomain takeover (Python)
README
# OWASP Domain Protect
[![Version](https://img.shields.io/github/v/release/domain-protect/domain-protect)](https://github.com/domain-protect/domain-protect/releases/tag/0.1.0)
[![Python 3.x](https://img.shields.io/badge/Python-3.x-blue.svg)](https://www.python.org/)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
![OWASP Maturity](https://img.shields.io/badge/owasp-incubator%20project-53AAE5.svg)

## Prevent subdomain takeover ...
![Alt text](docs/images/slack-webhook-notifications.png?raw=true "Domain Protect architecture")

## ... with serverless cloud infrastructure
![Alt text](docs/images/domain-protect.png?raw=true "Domain Protect architecture")

## OWASP Global AppSec Dublin - talk and demo
[![Global AppSec Dublin 2023](docs/images/global-appsec-dublin.png)](https://youtu.be/fLrRLmKZTvE)

## Features
* scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
* scan [Cloudflare](docs/cloudflare.md) for vulnerable DNS records
* take over vulnerable subdomains yourself before attackers and bug bounty researchers
* automatically create known issues in [Bugcrowd](docs/bugcrowd.md) or [HackerOne](docs/hackerone.md)
* vulnerable domains in Google Cloud DNS can be detected by [Domain Protect for GCP](https://github.com/ovotech/domain-protect-gcp)
* [manual scans](manual_scans/aws/README.md) of cloud accounts with no installation

## Installation
* the simplest way to install is to use the separate [Domain Protect Deploy](https://github.com/domain-protect/domain-protect-deploy) repository with GitHub Actions deployment workflow
* for other methods see [Installation](docs/installation.md)

## Collaboration
We welcome collaborators! Please see the [OWASP Domain Protect website](https://owasp.org/www-project-domain-protect/) for more details.

## Documentation
[Manual scans - AWS](manual_scans/aws/README.md)
[Manual scans - Cloudflare](manual_scans/cloudflare/README.md)
[Architecture](docs/architecture.md)
[Database](docs/database.md)
[Reports](docs/reports.md)
[Automated takeover](docs/automated-takeover.md) *optional feature*
[Cloudflare](docs/cloudflare.md) *optional feature*
[Bugcrowd](docs/bugcrowd.md) *optional feature*
[HackerOne](docs/hackerone.md) *optional feature*
[Vulnerability types](docs/vulnerability-types.md)
[Vulnerable A records (IP addresses)](docs/a-records.md) *optional feature*
[Requirements](docs/requirements.md)
[Installation](docs/installation.md)
[Slack Webhooks](docs/slack-webhook.md)
[AWS IAM policies](docs/aws-iam-policies.md)
[CI/CD](docs/ci-cd.md)
[Development](docs/development.md)
[Code Standards](docs/code-standards.md)
[Automated Tests](docs/automated-tests.md)
[Manual Tests](docs/manual-tests.md)
[Conference Talks and Blog Posts](docs/talks.md)

## Limitations
This tool cannot guarantee 100% protection against subdomain takeovers.