How to Use Ghostbuster to Eliminate Dangling Elastic IPs
Published: 2022-04-04 15:07 Category: 53 Source: Internet
Ghostbuster is a powerful security auditing tool for Elastic IPs: it analyzes the resources in the target AWS accounts in order to eliminate dangling Elastic IPs.

Ghostbuster retrieves all DNS records from the target AWS accounts (Route53), and can optionally take in records from CSV input or from Cloudflare.

Once it has the complete set of DNS records (from Route53, file input or Cloudflare) and the complete set of AWS IPs owned by the target organization, the tool can detect subdomains that point to dangling (no longer valid) Elastic IPs.

Features

- Dynamically enumerates every AWS account in ".aws/config";
- Pulls records from AWS Route53;
- Pulls records from Cloudflare (optional);
- Pulls records from CSV input (optional);
- Iterates through all regions, a single region, or a comma-separated list of regions;
- Gets all Elastic IPs associated with all AWS accounts;
- Gets all public IPs associated with all AWS accounts;
- Cross-checks the DNS records against the IPs owned by the organization to detect potential takeover risk;
- Supports a Slack webhook for sending takeover notifications.

Download & Installation

The tool is written in Python, so first install and configure a Python 3.x environment on the local machine.

    pip install ghostbuster

Then use Ghostbuster through the "ghostbuster" command.

Usage

    ❯ ghostbuster scan aws --help
    Usage: ghostbuster scan aws [OPTIONS]

Configuring AWS accounts

.aws/credentials:

Usage examples

Run Ghostbuster with an access token for Cloudflare DNS records, send notifications to a Slack webhook, and iterate through every AWS account configured in ".aws/config or .aws/credentials" across all AWS regions:

    ❯ ghostbuster scan aws --cloudflaretoken APIKEY --slackwebhook https://hooks.slack.com/services/KEY --allregions

Run Ghostbuster with a manually supplied list of subdomain A records (see the records.csv format):

    ❯ ghostbuster scan aws --records records.csv

Sample output

    ❯ ghostbuster scan aws --cloudflaretoken whougonnacall
    Obtaining all zone names from Cloudflare.
    Obtaining DNS A records for all zones from Cloudflare.
    Obtained 33 DNS A records so far.
    Obtaining Route53 hosted zones for AWS profile: default.
    Obtaining Route53 hosted zones for AWS profile: account-five.
    Obtaining Route53 hosted zones for AWS profile: account-four.
    Obtaining Route53 hosted zones for AWS profile: account-four-deploy.
    Obtaining Route53 hosted zones for AWS profile: account-two-deploy.
    Obtaining Route53 hosted zones for AWS profile: account-one-deploy.
    Obtaining Route53 hosted zones for AWS profile: account-three-deploy.
    Obtaining Route53 hosted zones for AWS profile: account-six.
    Obtaining Route53 hosted zones for AWS profile: account-seven.
    Obtaining Route53 hosted zones for AWS profile: account-one.
    Obtained 124 DNS A records so far.
    Obtaining EIPs for region: us-east-1, profile: default
    Obtaining IPs for network interfaces for region: us-east-1, profile: default
    Obtaining EIPs for region: us-east-1, profile: account-five
    Obtaining IPs for network interfaces for region: us-east-1, profile: account-five
    Obtaining EIPs for region: us-east-1, profile: account-four
    Obtaining IPs for network interfaces for region: us-east-1, profile: account-four
    Obtaining EIPs for region: us-east-1, profile: account-four-deploy
    Obtaining IPs for network interfaces for region: us-east-1, profile: account-four-deploy
    Obtaining EIPs for region: us-east-1, profile: account-two-deploy
    Takeover possible: {'name': 'takeover.assetnotecloud.com', 'records': ['52.54.24.193']}

License

This project is developed and released under the AGPL-3.0 open-source license.

(Editor: ASP站长网)
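The cross-check at the heart of the feature list (DNS A records compared against the Elastic IPs and public IPs the organization holds) can be sketched as follows. This is an added example, not Ghostbuster's own code: the function name, hostnames and addresses are constructed, and the prefix list is an assumption standing in for the cloud provider's published address ranges.

```python
import ipaddress

# Constructed sample data. The documentation ranges below stand in for the
# cloud provider's published prefixes (assumption, not from the article).
CLOUD_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
OWNED_EIPS = {"198.51.100.10", "203.0.113.7"}   # Elastic IPs across all profiles
OWNED_ENI_IPS = {"198.51.100.25"}               # public IPs on network interfaces
DNS_RECORDS = [
    {"name": "www.example.test", "records": ["198.51.100.10"]},
    {"name": "api.example.test", "records": ["198.51.100.25", "203.0.113.7"]},
    {"name": "old-promo.example.test", "records": ["203.0.113.99"]},  # released EIP
    {"name": "mixed.example.test", "records": ["198.51.100.10", "198.51.100.200"]},
    {"name": "vendor.example.test", "records": ["192.0.2.44"]},  # outside cloud ranges
    {"name": "broken.example.test", "records": ["not-an-ip"]},
]


def find_dangling(dns_records, owned_ips, cloud_prefixes):
    """Return (findings, skipped): records with at least one A value inside
    the cloud ranges that no account in the organization currently holds,
    plus any values that could not be parsed as IP addresses."""
    networks = [ipaddress.ip_network(p) for p in cloud_prefixes]
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    findings, skipped = [], []
    for rec in dns_records:
        dangling = []
        for value in rec["records"]:
            try:
                addr = ipaddress.ip_address(value.strip())
            except ValueError:
                skipped.append((rec["name"], value))  # report it, do not guess
                continue
            in_cloud = any(addr in net for net in networks)
            if in_cloud and addr not in owned:
                dangling.append(str(addr))
        if dangling:
            findings.append({"name": rec["name"], "records": dangling})
    return findings, skipped


if __name__ == "__main__":
    all_owned = OWNED_EIPS | OWNED_ENI_IPS
    findings, skipped = find_dangling(DNS_RECORDS, all_owned, CLOUD_PREFIXES)
    for finding in findings:
        print("Takeover possible:", finding)
    for name, value in skipped:
        print("Skipped unparseable A record:", name, value)
```

A record outside the cloud ranges is not flagged because it cannot be a released Elastic IP, and a record with several A values is flagged only for the values the organization no longer holds.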