Merge pull request #98 from domain-protect/docs-update
docs: correct path and remove duplicate images
paulschwarzenberger authored Sep 30, 2024
2 parents 2856953 + 9e9daf7 commit fb75251
Showing 14 changed files with 12 additions and 14 deletions.
18 changes: 8 additions & 10 deletions manual_scans/aws/README.md
Expand Up @@ -38,63 +38,63 @@ $ export PYTHONPATH="${PYTHONPATH}:/Users/paul/src/github.com/domain-protect/ter
python manual_scans/aws/aws_alias_cloudfront_s3.py
```

![Alt text](assets/imagesaws-cloudfront-s3-alias.png?raw=true "CloudFront Alias with missing S3 origin")
![Alt text](../../docs/assets/images/aws/aws-cloudfront-s3-alias.png?raw=true "CloudFront Alias with missing S3 origin")

## CloudFront CNAME with missing S3 origin

```
python manual_scans/aws/aws_cname_cloudfront_s3.py
```

![Alt text](assets/imagesaws-cloudfront-s3-cname.png?raw=true "CloudFront CNAME with missing S3 origin")
![Alt text](../../docs/assets/images/aws/aws-cloudfront-s3-cname.png?raw=true "CloudFront CNAME with missing S3 origin")

## ElasticBeanstalk Alias

```
python manual_scans/aws/aws-alias-eb.py
```

![Alt text](assets/imagesaws-eb-alias.png?raw=true "Detect vulnerable S3 Aliases")
![Alt text](../../docs/assets/images/aws/aws-eb-alias.png?raw=true "Detect vulnerable S3 Aliases")

## ElasticBeanstalk CNAMES

```
python manual_scans/aws/aws-cname-eb.py
```

![Alt text](assets/imagesaws-eb-cnames.png?raw=true "Detect vulnerable ElasticBeanstalk CNAMEs")
![Alt text](../../docs/assets/images/aws/aws-eb-cnames.png?raw=true "Detect vulnerable ElasticBeanstalk CNAMEs")

## S3 Alias

```
python manual_scans/aws/aws_alias_s3.py
```

![Alt text](assets/imagesaws-s3-alias.png?raw=true "Detect vulnerable S3 Aliases")
![Alt text](../../docs/assets/images/aws/aws-s3-alias.png?raw=true "Detect vulnerable S3 Aliases")

## S3 CNAMES

```
python manual_scans/aws/aws-cname-s3.py
```

![Alt text](assets/imagesaws-s3-cnames.png?raw=true "Detect vulnerable S3 CNAMEs")
![Alt text](../../docs/assets/images/aws/aws-s3-cnames.png?raw=true "Detect vulnerable S3 CNAMEs")

## registered domains with missing hosted zone

```
python manual_scans/aws/aws-ns-domain.py
```

![Alt text](assets/imagesaws-ns-domain.png?raw=true "Detect vulnerable subdomains")
![Alt text](../../docs/assets/images/aws/aws-ns-domain.png?raw=true "Detect vulnerable subdomains")

## subdomain NS delegations

```
python manual_scans/aws/aws-ns-subdomain.py
```

![Alt text](assets/imagesaws-ns-subdomain.png?raw=true "Detect vulnerable subdomains")
![Alt text](../../docs/assets/images/aws/aws-ns-subdomain.png?raw=true "Detect vulnerable subdomains")

## assume role from another AWS account
* log in to the AWS console in the audit account
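
Review bot: In the ElasticBeanstalk Alias section the image title still reads "Detect vulnerable S3 Aliases", which looks copied from the S3 Alias section; since the line is being rewritten anyway, change it to match the heading, in the style of the neighbouring "Detect vulnerable ElasticBeanstalk CNAMEs" title. Separately, the new links point into ../../docs/assets/images/aws/ while this commit adds no files there and deletes the copies under manual_scans/aws/images/, so please confirm that all eight file names exist at the new location before merging.
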
Expand All @@ -118,7 +118,5 @@ sudo pip3 install dnspython
python3 manual_scans/aws/aws-ns-domain.py
```

[back to README](../../README.md)

## acknowledgement
* NS subdomain takeover detection based on [NSDetect](https://github.com/shivsahni/NSDetect)
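
Review bot: The "[back to README](../../README.md)" link in this hunk appears to be one of the two lines dropped (the header goes from 7 lines to 5 with nothing added), and the commit message "correct path and remove duplicate images" does not cover that. If the removal is intentional, mention it in the message; otherwise keep the link so readers of this README on GitHub can still navigate back.
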
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-cloudfront-s3-cname.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-eb-alias.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-eb-cnames.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-ns-domain.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-ns-subdomain.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-s3-alias.png
Binary file not shown.
Binary file removed manual_scans/aws/images/aws-s3-cnames.png
Binary file not shown.
6 changes: 3 additions & 3 deletions manual_scans/cloudflare/README.md
Expand Up @@ -39,21 +39,21 @@ $ export CF_API_KEY='00000000000000000000000000000000'
```

## subdomain NS delegations
<img src="assets/imagescf-ns.png" width="400">
<img src="../../docs/assets/images/cf/cf-ns.png" width="400">

```
python manual_scans/cloudflare/cf-ns.py
```

## subdomains pointing to missing storage buckets
<img src="assets/imagescf-storage.png" width="400">
<img src="../../docs/assets/images/cf/cf-storage.png" width="400">

```
python manual_scans/cloudflare/cf-storage.py
```

## vulnerable CNAMEs
<img src="assets/imagescf-cname.png" width="400">
<img src="../../docs/assets/images/cf/cf-cname.png" width="400">

```
python manual_scans/cloudflare/cf-cname.py
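
Review bot: The three <img> tags have no alt attribute, and since each line is being rewritten anyway, add one per image, for example alt="subdomain NS delegations" on cf-ns.png, taken from the section heading. The new src values point at ../../docs/assets/images/cf/ while the commit only deletes the old copies under manual_scans/cloudflare/images/, so confirm that cf-ns.png, cf-storage.png and cf-cname.png exist at the new location.
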
Binary file removed manual_scans/cloudflare/images/cf-cname.png
Binary file not shown.
Binary file removed manual_scans/cloudflare/images/cf-ns.png
Binary file not shown.
Binary file removed manual_scans/cloudflare/images/cf-storage.png
Binary file not shown.
2 changes: 1 addition & 1 deletion mkdocs.yml
Expand Up @@ -8,7 +8,7 @@ edit_uri: edit/main/docs/
use_directory_urls: true
theme:
name: material
logo: assets/slack/domain-protect-icon.svg
logo: assets/slack/domain-protect-icon.png
palette:
- media: "(prefers-color-scheme: dark)"
scheme: slate
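
Review bot: No domain-protect-icon.png is added among the changed files, so the new logo value assets/slack/domain-protect-icon.png needs a check that the file already exists in the docs directory, otherwise the site builds with a broken logo. The move from .svg to .png is also outside what the commit message describes; a short note on why the raster file is preferred would help later readers of the history.
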
