aws takeover-subdomain cloudfront s3-bucket s3-buckets

RaST - Rapid Subdomain Takeover

This program is designed to create a proof of concept for the subdomain takeover vulnerability on pages hosted on AWS. The program checks if the "NoSuchBucket" error exists on the page and then creates a bucket with the same name and submits an index.html file for this bucket to consolidate the PoC. It is important to note that this program was created for a proof of concept. Any malicious action is the sole responsibility of the agent who performed it.

🕷️ Installing RaST

Clone the repository:

git clone https://github.com/eremit4/RaST.git

Install the libraries:

python -m pip install -r requirements.txt

🕶️ Prerequisites

Insert your AWS credentials in configs/config.json

{
  "ACCESS_KEY_ID": "",
  "SECRET_ACCESS_KEY": "",
  "REGION": ""
}

🕸️ Using RaST

Run the program:

python rast.py --help

📝 License

This project is under the MIT License.

About

Taking control over AWS subdomains with "NoSuchBucket" error

aws takeover-subdomain cloudfront s3-bucket s3-buckets

MIT License

Languages

Language:Python 100.0%