Scans Amazon Route53 to identify:
- Alias records for CloudFront distributions with missing S3 origin
- CNAME records for CloudFront distributions with missing S3 origin
- Elastic Beanstalk Alias records vulnerable to takeover
- Elastic Beanstalk CNAMEs vulnerable to takeover
- Registered domains with missing hosted zones
- Subdomain NS delegations vulnerable to takeover
- S3 Alias records vulnerable to takeover
- S3 CNAMEs vulnerable to takeover
- Vulnerable CNAME records for Azure resources
- CNAME records for missing Google Cloud Storage buckets
- A records pointing to IP addresses no longer in use
- NS subdomains
- CNAMEs pointing to missing resources, e.g. Elastic Beanstalk, Azure storage
- Cloudflare proxy on the Free plan configured with an S3 origin, where the proxy directs to a non-existent S3 bucket matching the domain name

Vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP.