Skip to content

Supported DNS vulnerability types

AWS

Scans Amazon Route53 to identify: * Alias records for CloudFront distributions with missing S3 origin * CNAME records for CloudFront distributions with missing S3 origin * ElasticBeanstalk Alias records vulnerable to takeover * ElasticBeanstalk CNAMES vulnerable to takeover * Registered domains with missing hosted zones * Subdomain NS delegations vulnerable to takeover * S3 Alias records vulnerable to takeover * S3 CNAMES vulnerable to takeover * Vulnerable CNAME records for Azure resources * CNAME records for missing Google Cloud Storage buckets * A records pointing to IP addresses no longer in use

CloudFlare

  • NS subdomains
  • CNAMEs pointing to missing resources, e.g. Elastic Beanstalk, Azure storage
  • Cloudflare proxy configured with S3 origin in Free plan, directs to non-existent S3 bucket matching domain name

GCP

Vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP