CloudFrunt is a tool for identifying misconfigured CloudFront domains. CloudFront is a Content Delivery Network (CDN) gave by Amazon Web Services (AWS). CloudFront clients make “distributions” that serve content from particular sources (an S3 container, for instance).
Each CloudFront distribution has a remarkable endpoint for clients to point their DNS records to (ex. d111111abcdef8.cloudfront.net). The greater part of the areas utilizing a particular distribution should be recorded in the “Alternate Domain Names (CNAMEs)” field in the choices for that distribution.
At the point when a CloudFront endpoint gets a demand, it doesn’t consequently serve content from the relating distribution. Rather, CloudFront utilizes the HOST header of the demand to figure out which distribution to utilize. This implies two things:
Also Read Best SQL Injection Tools
This is the thing that enables the spaces to be hijacked. There are numerous situations where a CloudFront client neglects to list all the essential areas that may be gotten in the HOST header. For instance:
This implies the remarkable endpoint that CloudFront binds to a solitary circulation is viably good for nothing. An ask for to one particular CloudFront subdomain isn’t restricted to the distribution it is related with.
$ git clone --recursive https://github.com/MindPointGroup/cloudfrunt
$ pip install -r requirements.txt
CloudFrunt expects the dnsrecon script to be cloned into a subdirectory called dnsrecon.
cloudfrunt.py [-h] [-l TARGET_FILE] [-d DOMAINS] [-o ORIGIN] [-i ORIGIN_ID] [-s] [-N]
-h, --help Show this message and exit
-s, --save Save the results to results.txt
-N, --no-dns Do not use dnsrecon to expand scope
-l, --target-file TARGET_FILE File containing a list of domains (one per line)
-d, --domains DOMAINS Comma-separated list of domains to scan
-o, --origin ORIGIN Add vulnerable domains to new distributions with this origin
-i, --origin-id ORIGIN_ID The origin ID to use with new distributions
$ python cloudfrunt.py -o cloudfrunt.com.s3-website-us-east-1.amazonaws.com -i S3-cloudfrunt -l list.txt
CloudFrunt v1.0.4
[+] Enumerating DNS entries for google.com
[-] No issues found for google.com
[+] Enumerating DNS entries for disloops.com
[+] Found CloudFront domain --> cdn.disloops.com
[+] Found CloudFront domain --> test.disloops.com
[-] Potentially misconfigured CloudFront domains:
[#] --> test.disloops.com
[+] Created new CloudFront distribution EXBC12DE3F45G
[+] Added test.disloops.com to CloudFront distribution EXBC12DE3F45G
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…