Categories: Kali Linux

CloudFrunt Tool For Identifying Misconfigured CloudFront Domains

CloudFrunt is a tool for identifying misconfigured CloudFront domains. CloudFront is a Content Delivery Network (CDN) gave by Amazon Web Services (AWS). CloudFront clients make “distributions” that serve content from particular sources (an S3 container, for instance).

Each CloudFront distribution has a remarkable endpoint for clients to point their DNS records to (ex. d111111abcdef8.cloudfront.net). The greater part of the areas utilizing a particular distribution should be recorded in the “Alternate Domain Names (CNAMEs)” field in the choices for that distribution.

At the point when a CloudFront endpoint gets a demand, it doesn’t consequently serve content from the relating distribution. Rather, CloudFront utilizes the HOST header of the demand to figure out which distribution to utilize. This implies two things:

  • In the event that the HOST header does not coordinate a entry in the “Alternate Domain Names (CNAMEs)” field of the proposed circulation, the demand will come up short.
  • Whatever other distribution that contains the particular area in the HOST header will get the demand and react to it regularly.

Also Read Best SQL Injection Tools

This is the thing that enables the spaces to be hijacked. There are numerous situations where a CloudFront client neglects to list all the essential areas that may be gotten in the HOST header. For instance:

  • The domain “test.disloops.com” is a CNAME record that focuses to “disloops.com”.
  • The “disloops.com” area is set up to utilize a CloudFront distribution.
  • Since “test.disloops.com” was not added to the “Alternate Domain Names (CNAMEs)” field for the distribution, solicitations to “test.disloops.com” will fall fail.
  • Another client can make a CloudFront distribution and include “test.disloops.com” to the “Alternate Domain Names (CNAMEs)” field to hijack the domain.

This implies the remarkable endpoint that CloudFront binds to a solitary circulation is viably good for nothing. An ask for to one particular CloudFront subdomain isn’t restricted to the distribution it is related with.

Installation CloudFrunt

$ git clone --recursive https://github.com/MindPointGroup/cloudfrunt
$ pip install -r requirements.txt

CloudFrunt expects the dnsrecon script to be cloned into a subdirectory called dnsrecon.

Usage

cloudfrunt.py [-h] [-l TARGET_FILE] [-d DOMAINS] [-o ORIGIN] [-i ORIGIN_ID] [-s] [-N]

-h, --help                      Show this message and exit
-s, --save                      Save the results to results.txt
-N, --no-dns                    Do not use dnsrecon to expand scope
-l, --target-file TARGET_FILE   File containing a list of domains (one per line)
-d, --domains DOMAINS           Comma-separated list of domains to scan
-o, --origin ORIGIN             Add vulnerable domains to new distributions with this origin
-i, --origin-id ORIGIN_ID       The origin ID to use with new distributions

Example

$ python cloudfrunt.py -o cloudfrunt.com.s3-website-us-east-1.amazonaws.com -i S3-cloudfrunt -l list.txt

 CloudFrunt v1.0.4

 [+] Enumerating DNS entries for google.com
 [-] No issues found for google.com

 [+] Enumerating DNS entries for disloops.com
 [+] Found CloudFront domain --> cdn.disloops.com
 [+] Found CloudFront domain --> test.disloops.com
 [-] Potentially misconfigured CloudFront domains:
 [#] --> test.disloops.com
 [+] Created new CloudFront distribution EXBC12DE3F45G
 [+] Added test.disloops.com to CloudFront distribution EXBC12DE3F45G

 

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

19 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

19 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago