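About Ghostbuster
Ghostbuster is a powerful security auditing tool for AWS Elastic IPs. It analyzes the resources in the target AWS accounts in order to eliminate dangling Elastic IPs.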

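Ghostbuster retrieves all DNS records in the target AWS accounts (Route53), and can optionally take in records from CSV input or from Cloudflare.
After collecting these records, Ghostbuster iterates over all AWS Elastic IPs and network interface public IPs and collects that data as well.
With complete information on all DNS records (from Route53, file input or Cloudflare) and on all AWS IPs owned by the target organization, the tool can detect subdomains that point to dangling Elastic IPs (IPs that are no longer held).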
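An added example, not Ghostbuster's own code: a minimal version of the cross-check described above, run over inline data. The two-column CSV layout, the filter that only flags unowned IPs inside provider address space, and all names and sample values are assumptions constructed for illustration.

```python
import csv
import ipaddress

# Constructed sample data (documentation-range IPs, not real AWS space).
# Assumption: a two-column "name,ip" CSV; the page does not show the records.csv layout.
RECORDS_CSV = """\
app.example.com,203.0.113.10
old-api.example.com,203.0.113.77
www.example.com,198.51.100.5
lb.example.com,203.0.113.10
lb.example.com,203.0.113.200
"""
# Stand-in for the cloud provider's published address ranges.
CLOUD_RANGES = ["203.0.113.0/24"]
# Stand-in for Elastic IPs plus network-interface public IPs from every account and region.
OWNED_IPS = {"203.0.113.10", "203.0.113.11"}

def load_a_records(text):
    """Group A-record targets by hostname, skipping malformed rows."""
    records = {}
    for row in csv.reader(text.splitlines()):
        if len(row) != 2:
            continue
        name, ip = row[0].strip().lower().rstrip("."), row[1].strip()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        records.setdefault(name, []).append(ip)
    return records

def find_dangling(records, owned_ips, cloud_ranges):
    """Return records with a target in cloud space that the organization does not hold."""
    nets = [ipaddress.ip_network(c) for c in cloud_ranges]
    owned = {ipaddress.ip_address(i) for i in owned_ips}
    findings = []
    for name, ips in sorted(records.items()):
        stale = []
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr not in owned and any(addr in net for net in nets):
                stale.append(ip)
        if stale:
            findings.append({"name": name, "records": stale})
    return findings

if __name__ == "__main__":
    for finding in find_dangling(load_a_records(RECORDS_CSV), OWNED_IPS, CLOUD_RANGES):
        print("Takeover possible:", finding)
```

A record with several targets is flagged if any one of them is unowned, because a single stale A record is enough for some clients to be sent to an address the organization no longer controls.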
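Features
- Dynamically enumerates every AWS account in ".aws/config";
- Pulls records from AWS Route53;
- Pulls records from Cloudflare (optional);
- Pulls records from CSV input (optional);
- Iterates over all regions, a single region, or a comma-separated list of regions;
- Retrieves all Elastic IPs associated with all AWS accounts;
- Retrieves all public IPs associated with all AWS accounts;
- Cross-checks the DNS records against the IPs owned by the organization to detect potential takeover risk;
- Slack webhook support for sending takeover notifications;
Download & Installation
The tool is written in Python, so first install and configure a Python 3.x environment on the local machine.
Downloading and installing Ghostbuster is simple. Clone the project source locally with the following command: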
git clone https://github.com/assetnote/ghostbuster.git
Or install it directly with the following command:
pip install ghostbuster
Ghostbuster can then be used through the "ghostbuster" command.
Usage
ghostbuster scan aws --help
Usage: ghostbuster scan aws [OPTIONS]
Scan for dangling elastic IPs inside your AWS accounts.
Options:
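--profile TEXT Specify the AWS account profile that Ghostbuster should scan
--skipascii Do not print the ASCII art when Ghostbuster starts
--slackwebhook TEXT Specify a Slack webhook URL to send notifications about potential takeovers
--records PATH Manually specify the DNS records to check. Ghostbuster will check these IPs after checking the retrieved DNS records
--cloudflaretoken TEXT Pull DNS records from Cloudflare; a CF API token must be provided
--allregions Scan all regions
--exclude TEXT Comma-separated list of profile names to exclude
--regions TEXT Comma-separated list of regions to scan
--help Show the help message and exit
Configuring Cloudflare
Configuring AWS accounts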
.aws/credentials:
[default]
aws_access_key_id = AKIAIII...
aws_secret_access_key = faAaAaA...
.aws/config:
[default]
output = table
region = us-east-1
[profile account-one]
role_arn = arn:aws:iam::911111111113:role/Ec2Route53Access
source_profile = default
region = us-east-1
[profile account-two]
role_arn = arn:aws:iam::911111111112:role/Ec2Route53Access
source_profile = default
region = us-east-1
[profile account-three]
region = us-east-1
role_arn = arn:aws:iam::911111111111:role/Ec2Route53Access
source_profile = default
Usage examples
Run Ghostbuster with an access token for Cloudflare DNS records, send notifications to a Slack webhook, and iterate over every AWS account configured in ".aws/config or .aws/credentials" across all AWS regions:
ghostbuster scan aws --cloudflaretoken APIKEY --slackwebhook https://hooks.slack.com/services/KEY --allregions
Run Ghostbuster with a manually supplied list of subdomain A records (see records.csv for the format):
ghostbuster scan aws --records records.csv
Sample output
ghostbuster scan aws --cloudflaretoken whougonnacall
Obtaining all zone names from Cloudflare.
Obtaining DNS A records for all zones from Cloudflare.
Obtained 33 DNS A records so far.
Obtaining Route53 hosted zones for AWS profile: default.
Obtaining Route53 hosted zones for AWS profile: account-five.
Obtaining Route53 hosted zones for AWS profile: account-four.
Obtaining Route53 hosted zones for AWS profile: account-four-deploy.
Obtaining Route53 hosted zones for AWS profile: account-two-deploy.
Obtaining Route53 hosted zones for AWS profile: account-one-deploy.
Obtaining Route53 hosted zones for AWS profile: account-three-deploy.
Obtaining Route53 hosted zones for AWS profile: account-six.
Obtaining Route53 hosted zones for AWS profile: account-seven.
Obtaining Route53 hosted zones for AWS profile: account-one.
Obtained 124 DNS A records so far.
Obtaining EIPs for region: us-east-1, profile: default
Obtaining IPs for network interfaces for region: us-east-1, profile: default
Obtaining EIPs for region: us-east-1, profile: account-five
Obtaining IPs for network interfaces for region: us-east-1, profile: account-five
Obtaining EIPs for region: us-east-1, profile: account-four
Obtaining IPs for network interfaces for region: us-east-1, profile: account-four
Obtaining EIPs for region: us-east-1, profile: account-four-deploy
Obtaining IPs for network interfaces for region: us-east-1, profile: account-four-deploy
Obtaining EIPs for region: us-east-1, profile: account-two-deploy
Obtaining IPs for network interfaces for region: us-east-1, profile: account-two-deploy
Obtaining EIPs for region: us-east-1, profile: account-one-deploy
Obtaining IPs for network interfaces for region: us-east-1, profile: account-one-deploy
Obtaining EIPs for region: us-east-1, profile: account-three-deploy
Obtaining IPs for network interfaces for region: us-east-1, profile: account-three-deploy
Obtaining EIPs for region: us-east-1, profile: account-six
Obtaining IPs for network interfaces for region: us-east-1, profile: account-six
Obtaining EIPs for region: us-east-1, profile: account-seven
Obtaining IPs for network interfaces for region: us-east-1, profile: account-seven
Obtaining EIPs for region: us-east-1, profile: account-one
Obtaining IPs for network interfaces for region: us-east-1, profile: account-one
Obtained 415 unique elastic IPs from AWS.
Takeover possible: {'name': 'takeover.assetnotecloud.com', 'records': ['52.54.24.193']}
License
This project is developed and released under the AGPL-3.0 open-source license.
Project URL
Ghostbuster: [GitHub link]
