CloudJack
Assesses AWS accounts for subdomain hijacking via Route53/CloudFront
CloudJack Description
CloudJack is a vulnerability assessment utility that identifies subdomain hijacking vulnerabilities in AWS environments resulting from decoupled Route53 and CloudFront configurations. The tool detects two specific vulnerability scenarios: Route53 aliases that reference deleted CloudFront web distributions, and Route53 aliases that point to active CloudFront distributions with deleted CNAMEs.

The tool operates by analyzing AWS Route53 hosted zones and CloudFront distributions to identify misconfigurations that could allow attackers to create matching CloudFront distributions or CNAMEs in their own accounts. An attacker who does so can spoof the victim's web site content that would otherwise be served from the legitimate account.

CloudJack requires AWS IAM credentials with permissions for the Route53 ListHostedZones and ListResourceRecordSets actions and the CloudFront ListDistributions action. The tool integrates with AWS CLI configurations stored in ~/.aws/credentials and supports multiple AWS profiles. It provides output in both text and JSON formats for integration with other security workflows.

The utility is implemented in Python and uses the AWS SDK boto3 package. Both Python 2 and Python 3 versions are available. The tool is released under the GPL-3.0 license and is available as an open source project on GitHub.