External Attack Surface Management Reverse DNS redux
jonrau1 opened this issue
I'm too lazy to write these as usual...
Using `socket` while running ElectricEye from within AWS - especially in the same VPC boundary (via Lattice, subnet, TGW, Transit VPC, DX, S2S, etc.) - it will resolve the private IPs and not public IPs, which is only mildly annoying for NMAP (GuardDuty seems more sensitive for inner-boundary shit) but it breaks Shodan.
- Rewrite all reverse DNS to use Google's DNS resolution
- Rewrite Amazon MQ, DMS, and other Auditor checks that use the IP addresses (especially when the sub-service versions don't have it)
- Rewrite Shodan checks while you're at it -- take out `ThreatIntelIndicators` and add missing `Remediation` entries
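
A sketch of the first item, added here as an example and not taken from the issue or from ElectricEye's code: resolve through Google instead of the VPC resolver and keep only globally routable addresses before handing them to Shodan. The issue does not say which Google interface to use; this assumes the Google Public DNS JSON API at `dns.google/resolve`, and the function names, hostnames and sample response are constructed for illustration.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

GOOGLE_DOH = "https://dns.google/resolve"  # Google Public DNS JSON API (assumed choice)


def is_public(ip: str) -> bool:
    """True only for globally routable addresses (rejects RFC 1918, CGNAT, loopback...)."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False  # not an IP literal, e.g. a CNAME target


def public_ipv4s(doh_response: dict) -> list:
    """Extract public A records from a dns.google JSON answer, preserving order."""
    if doh_response.get("Status") != 0:  # 0 == NOERROR
        return []
    ips = []
    for rr in doh_response.get("Answer", []):
        # type 1 == A; skip CNAME (5) and anything else in the chain
        if rr.get("type") == 1 and is_public(rr.get("data", "")):
            if rr["data"] not in ips:
                ips.append(rr["data"])
    return ips


def resolve_public(hostname: str, timeout: float = 5.0) -> list:
    """Resolve via Google rather than the VPC resolver (needs outbound HTTPS)."""
    query = urllib.parse.urlencode({"name": hostname, "type": "A"})
    with urllib.request.urlopen(f"{GOOGLE_DOH}?{query}", timeout=timeout) as resp:
        return public_ipv4s(json.load(resp))


# Constructed sample response: a CNAME hop, one private A record, one public A record.
SAMPLE = {"Status": 0, "Answer": [
    {"name": "broker.example.com.", "type": 5, "TTL": 60, "data": "lb.example.com."},
    {"name": "lb.example.com.", "type": 1, "TTL": 60, "data": "10.0.12.34"},
    {"name": "lb.example.com.", "type": 1, "TTL": 60, "data": "8.8.8.8"},
]}

if __name__ == "__main__":
    print(public_ipv4s(SAMPLE))
```

An empty list from `resolve_public` means the name has no public A record, so a Shodan lookup for it can be skipped rather than sent with a private address.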