Domain-Protect (OWASP Domain Protect) is a tool to prevent subdomain takeover.
Prevent subdomain takeover …
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYhm1SszBQjKe5mtLFv0xUFnlLyXylgMS0uDcfma5cNXMfVW33cKgYFHwRs1kVJ9s78HzYsVMyZtAOrFbwJoQkm0wdjSDVhwyBGQMykj3VPnwSDDMX7mQQ1Tgx_7vSgMTTKi05sxaLE8jcIundIv-93MBs8Ej6_f2QCNLt3xCQ0x1BvmR4zldb0yY5TeM/s16000/11.png)
… with serverless cloud infrastructure
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyeASStv1cwa3O5b-ZS1VjraW3UvVISMes3qBx7Aco2qzfRFSRrBOnSjwMjKgNsnjkdi6EklxpUQIGDnJyDaaa5XLw4jdmRJA-9UXDbObnW949fmt93tthawEjqXuM4BwAxLT9EgJ7w37anlAuLBjn3GObReqjQ999I2UU2yNCUS1NRUmwPMo9mBBr69A/s16000/22.png)
OWASP Global AppSec Dublin – talk and demo
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG1dajS64mVCMj_taThlak9Jsq1cTy2ig6aXwZ1-EH12QmgxndgNGCy5NJ_Y063RVNVhkBw1vBoomWhOfdXeWzvCIFuubEdRYqmruV1j6SK2O-menLjTwmigl2gVFjYtwSGaF11k7EdUcjtldC88IhdqtuGS30mi7E_dS0_PvZLNNoK7BSdyZvLmevvG0/s16000/33.png)
Features
- scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
- scan Cloudflare for vulnerable DNS records
- take over vulnerable subdomains yourself before attackers and bug bounty researchers
- automatically create known issues in Bugcrowd or HackerOne
- vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
- manual scans of cloud accounts with no installation
Installation
- the simplest way to install is to use the separate Domain Protect Deploy repository with its GitHub Actions deployment workflow
- for other methods see Installation
Collaboration
We welcome collaborators! Please see the OWASP Domain Protect website for more details.
Documentation
- Manual scans – AWS
- Manual scans – Cloudflare
- Architecture
- Database
- Reports
- Automated takeover optional feature
- Cloudflare optional feature
- Bugcrowd optional feature
- HackerOne optional feature
- Vulnerability types
- Vulnerable A records (IP addresses) optional feature
- Requirements
- Installation
- Slack Webhooks
- AWS IAM policies
- CI/CD
- Development
- Code Standards
- Automated Tests
- Manual Tests
- Conference Talks and Blog Posts
Limitations
This tool cannot guarantee 100% protection against subdomain takeovers.