OWASP Domain Protect
Published as a public Terraform registry module
Prevent subdomain takeover with serverless cloud infrastructure
OWASP Global AppSec Dublin - talk and demo
Talk and demo on YouTube
Features
- scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
- scan Cloudflare for vulnerable DNS records
- take over vulnerable subdomains yourself before attackers and bug bounty researchers
- automatically create known issues in Bugcrowd or HackerOne
- vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
- manual scans of cloud accounts with no installation
Installation
- Domain Protect is packaged as a public Terraform Module
- Ensure requirements are met
- See Installation for details on how to install
Migration
See migration for a guide to migrating from the original Domain Protect repository to the Terraform Module.
Collaboration
We welcome collaborators! Please see the OWASP Domain Protect website for more details.
Documentation
- Manual scans - AWS
- Manual scans - Cloudflare
- Architecture
- Database
- Reports
- Automated takeover (optional feature)
- Cloudflare (optional feature)
- Bugcrowd (optional feature)
- HackerOne (optional feature)
- Vulnerability types
- Vulnerable A records (IP addresses) (optional feature)
- Requirements
- Installation
- Migration
- Slack Webhooks
- AWS IAM policies
- CI/CD
- Development
- Code Standards
- Automated Tests
- Manual Tests
- Conference Talks and Blog Posts
Limitations
This tool cannot guarantee 100% protection against subdomain takeovers.