Automate Recon and scanning process with Vidoc. All security teams in one place
The "Detect AWS Subdomain Takeover" module is designed to identify a vulnerability known as AWS Subdomain takeover. This vulnerability occurs when a subdomain, such as
subdomain.example.com, is pointing to an AWS resource, like an S3 bucket or CloudFront distribution, that has been deleted or is no longer in use. The severity of this vulnerability is classified as medium.
If an AWS Subdomain takeover is successful, an attacker can gain control of the subdomain and potentially use it for malicious purposes.
The "Detect AWS Subdomain Takeover" module works by performing specific HTTP requests and analyzing the responses for certain conditions. It uses a set of matching conditions to identify potential subdomain takeover vulnerabilities.
Here is an example of one of the matching conditions:
Part: Body Type: Word Words: ["The specified bucket does not exist"] Condition: AND
This condition checks if the response body contains the phrase "The specified bucket does not exist". If this condition is met, it indicates a potential subdomain takeover vulnerability.
Other matching conditions include checking for the presence of certain headers or specific words in the response body.
Please note that this module is part of the Vidoc platform and is intended for scanning and detecting vulnerabilities, misconfigurations, or software fingerprints.