Domain Protect is an OWASP project to prevent subdomain takeover with serverless cloud infrastructure.
OWASP Global AppSec Dublin – talk and demo
- scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover
- scan Cloudflare for vulnerable DNS records
- take over vulnerable subdomains yourself before attackers and bug bounty researchers
- automatically create known issues in Bugcrowd or HackerOne
- vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP
- manual scans of cloud accounts with no installation
- the simplest way to install is to use the separate Domain Protect Deploy repository with GitHub Actions deployment workflow
- for other methods see Installation
We welcome collaborators! Please see the OWASP Domain Protect website for more details.
Manual scans – AWS
Manual scans – Cloudflare
Automated takeover optional feature
Cloudflare optional feature
Bugcrowd optional feature
HackerOne optional feature
Vulnerable A records (IP addresses) optional feature
AWS IAM policies
Conference Talks and Blog Posts
This tool cannot guarantee 100% protection against subdomain takeovers.