Code Monkey home page Code Monkey logo

cloudjack's Introduction

CloudJack

AWS Route53/CloudFront/S3 Vulnerability Assessment Utility

CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted CloudFront web distribution or 2) an active CloudFront web distribution with deleted CNAME(s).

If this decoupling is discovered by an attacker, they can simply create a CloudFront web distribution and/or CloudFront NAME(s) in their account that match the victim account's Route53 A record host name. Exploitation of this vulnerability results in the ability to spoof the victim's web site content, which otherwise would have been accessed through the victim's account.

CloudJacking video at Austin OWASP May 2018: https://www.youtube.com/watch?v=tMMpK0kd5H8

Requirements:

  1. AWS IAM access key ID and corresponding secret key

  2. AWS CLI installation configured with profile(s), access key ID(s), and secret key(s) in ~/.aws/credentials

     [default]
 aws_access_key_id=<ACCESS_KEY>
 aws_secret_access_key=<SECRET>

 and/or

 [myprofile]
 aws_access_key_id=<ACCESS_KEY>
 aws_secret_access_key=<SECRET>

  3. AWS IAM policy allowing Route53 ListHostedZones and ListResourceRecordSets actions

  4. AWS IAM policy allowing CloudFront ListDistributions actions

  5. Python and AWS SDK boto3 package

    • pip install boto3

Usage: $ python cloudjack.py -o [text|json] -p [profile]

Examples:

  • $ python cloudjack.py -o json -p default
  • $ python cloudjack.py -o text -p default
  • $ python cloudjack.py -o json -p myprofile
  • $ python cloudjack.py -o text -p myprofile

Wishlist:

  1. Assess S3/CloudFront decoupling
  2. Offensive reconnaissance and exploitation features

Notes:

Python3 now supported. Use cloudjack-p2.py for Python2.

References:

cloudjack's People

Contributors

andresriancho avatar bryanmcaninch avatar ha17 avatar joanbono-bf avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

ivosandoval andresriancho dgdemo mmg1 modulexcite rajivraj durinashan kolabszar syllogy ekmixon excloudx6 an0nym0us3r ikpehlivan ssghost satyam9927 sngynprk reefspek kobs0n 0xsojalsec 3tternp cloudsecurity-aw sir-spamalot1337

cloudjack's Issues

Doesn't work with python3

$ ./cloudjack.py -o text -p default
File "./cloudjack.py", line 65
print parser.format_help()
^
SyntaxError: invalid syntax

(with python 3.7.4)

TypeError: '<' not supported between instances of 'dict' and 'dict'

When running, this error is returning.
Could someone please help?

File "/home/myhome/tools/cloudjack/cloudjack.py", line 92, in main
for hosted_zone in sorted(route53.list_hosted_zones()['HostedZones']):
TypeError: '<' not supported between instances of 'dict' and 'dict'

Output

Hi I wonder if you have any documentation to understand the ouput after I run cloudjack. Thanks

Nothing is shown in output 

[eth:~/tools/cloudjack] master(+109/-99)* ± python cloudjack.py 

  oooooooo8 o888                              oooo ooooo                      oooo        
o888     88  888   ooooooo  oooo  oooo   ooooo888   888   ooooooo    ooooooo   888  ooooo 
888          888 888     888 888   888 888    888   888   ooooo888 888     888 888o888    
888o     oo  888 888     888 888   888 888    888   888 888    888 888         8888 88o   
 888oooo88  o888o  88ooo88    888o88 8o  88ooo888o  888  88ooo88 8o  88ooo888 o888o o888o 
						 8o888
			CloudJack v1.0.2

[eth:~/tools/cloudjack] master(+109/-99)*

I know I have the AWS credentials properly configured, and I know that the organization I'm connecting to has cloudfront / route53.

The tool should at least show something like: "Analyzing instance X", "X is not vulnerable because ..."

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.