probator_auditor_domain_hijacking

class probator_auditor_domain_hijacking.DomainHijackAuditor

Bases: probator.plugins.BaseAuditor

Domain Hijacking Auditor

Checks DNS resource records for pointers to non-existent assets in AWS (S3 buckets, Elastic Beanstalk environments, etc.).

run(*args, **kwargs)

Update the cache of all DNS entries and perform checks

Parameters:
  • *args – Optional list of arguments
  • **kwargs – Optional list of keyword arguments
Returns: None

notify(new_issues, existing_issues, fixed_issues)

Send notifications (email, Slack, etc.) for any issues that are currently open or have just been closed

Parameters:
  • new_issues (list of DomainHijackIssue) – List of newly discovered issues
  • existing_issues (list of DomainHijackIssue) – List of existing open issues
  • fixed_issues (list of dict) – List of fixed issues
Returns: None

class probator_auditor_domain_hijacking.S3WithoutEndpointAudit(buckets)

Bases: probator_auditor_domain_hijacking.DomainAudit

If a domain ALIASES to s3-website-us-west-2.amazonaws.com. without an endpoint, S3 will assume the bucket name is the domain. This can easily be hijacked if the S3 bucket doesn’t exist.

audit(record, zone)

Returns a list of issues.
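
The condition this audit describes can be checked as follows. This is an added example, not Probator's own code: the record dictionaries, the function names and the sample zone are hypothetical, and "ALIAS" stands in for however the DNS provider represents an alias record.

```python
import re

# Bare regional S3 website hostname, with no "<bucket>." label in front.
# Dash and dot region separators are both accepted.
BARE_S3_WEBSITE = re.compile(r"^s3-website[.-][a-z0-9-]+\.amazonaws\.com$")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def find_dangling_s3_aliases(records, owned_buckets):
    """Return one finding per record that points at a bare S3 website
    hostname while no bucket named after the record is in our inventory.
    Checking our own inventory (not global existence) also catches a
    bucket of that name that exists but belongs to someone else."""
    buckets = {b.lower() for b in owned_buckets}
    findings = []
    for rec in records:
        if rec["type"] not in ("CNAME", "ALIAS"):
            continue
        target = normalize(rec["value"])
        if not BARE_S3_WEBSITE.match(target):
            continue  # target names a bucket explicitly, or is not S3 website hosting
        implied_bucket = normalize(rec["name"])  # S3 derives the bucket from the domain
        if implied_bucket not in buckets:
            findings.append({"record": implied_bucket, "target": target,
                             "missing_bucket": implied_bucket})
    return findings


# Constructed sample data (example.com zone, not taken from any real account).
SAMPLE_RECORDS = [
    {"name": "www.example.com.", "type": "ALIAS", "value": "s3-website-us-west-2.amazonaws.com."},
    {"name": "docs.example.com.", "type": "CNAME", "value": "s3-website-us-west-2.amazonaws.com."},
    {"name": "cdn.example.com.", "type": "CNAME", "value": "assets.s3-website-us-west-2.amazonaws.com."},
    {"name": "mail.example.com.", "type": "MX", "value": "10 mx.example.com."},
]
SAMPLE_BUCKETS = ["www.example.com", "assets"]

if __name__ == "__main__":
    for f in find_dangling_s3_aliases(SAMPLE_RECORDS, SAMPLE_BUCKETS):
        print(f"{f['record']} -> {f['target']}: bucket {f['missing_bucket']!r} not found")
```

Only docs.example.com is reported: www.example.com has a matching bucket, and cdn.example.com names its bucket in the target, so S3 does not fall back to the domain name.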

probator_auditor_domain_hijacking.dns_record_exists(record)

Try to resolve a DNS record to see if it exists

Parameters:
  • record (str) – DNS record to attempt to resolve
Returns: bool