AWS - Route53 (2 Templates)

patch-12
Dhiyaneshwaran 2024-10-23 08:26:13 +05:30
parent 29acdda9b2
commit d032491a19
2 changed files with 131 additions and 0 deletions

View File

@ -0,0 +1,72 @@
id: route53-dns-query-disabled
info:
name: DNS Query Logging for Route 53 Hosted Zones - Disabled
author: DhiyaneshDK
severity: medium
description: |
Domain Name System Security Extensions (DNSSEC) represents a set of protocols that adds a layer of security to the Domain Name System (DNS) lookup and exchange processes by enabling DNS responses to be validated.
impact: |
Disabling DNS query logging for Route 53 hosted zones prevents visibility into DNS queries, making it difficult to detect suspicious activity, troubleshoot issues, or analyze traffic patterns.
remediation: |
Enable DNS query logging in the Route 53 console for the hosted zone to capture and store DNS queries, allowing for better monitoring and analysis of DNS traffic.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html
tags: cloud,devops,aws,amazon,route53,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let HostedZones of iterate(template.hostedzones)){
set("hostedzone", HostedZones)
code(2) && code(3)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws route53 list-hosted-zones --region $region --query "HostedZones[*].Id" --output json
extractors:
- type: json
name: hostedzones
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws route53 get-hosted-zone --id $hostedzone --query "HostedZone.Config.PrivateZone" --region $region --output json
matchers:
- type: word
words:
- 'false'
internal: true
- engine:
- sh
- bash
source: |
aws route53 list-query-logging-configs --hosted-zone-id "$hostedzone" --query "QueryLoggingConfigs" --region $region --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'hostedzone + " DNSSEC Signing for Route 53 Hosted Zones is Disabled"'
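Review bot: the `description:` block and the final `dsl:` extractor do not match what this template checks. The description text ("Domain Name System Security Extensions (DNSSEC) represents a set of protocols ...") describes DNSSEC, while `name`, `impact` and `remediation` all concern DNS query logging, and the extractor emits `hostedzone + " DNSSEC Signing for Route 53 Hosted Zones is Disabled"`, so a zone with no query-logging config would be reported under the wrong title. Suggest replacing the description with a sentence stating that query logging is not enabled for the public hosted zone, and changing the extractor to `'hostedzone + " DNS Query Logging for Route 53 Hosted Zones is Disabled"'`. Minor: the third block's word matcher on `[]` relies on `--output json` printing an empty array on a single line, which holds for the AWS CLI but is worth a comment.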

View File

@ -0,0 +1,59 @@
id: route53-dnssec-signing-disabled
info:
name: DNSSEC Signing for Route 53 Hosted Zones - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that Domain Name System Security Extensions (DNSSEC) signing is enabled for your Amazon Route 53 public hosted zones in order to protect your domains against spoofing and cache poisoning attacks. By default, DNSSEC signing is not enabled for Route 53 hosted zones.
impact: |
Attackers can hijack the process of domain/IP lookup and redirect users to malicious web content through DNS hijacking and Man-In-The-Middle (MITM) attacks. DNSSEC security feature helps mitigate the risk of such attacks by encrypting signing DNS records.
remediation: |
Enable DNSSEC signing in the Route 53 console for the hosted zone, sign the zone with a strong key algorithm, and ensure all DNS records are published correctly.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html
tags: cloud,devops,aws,amazon,route53,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let HostedZones of iterate(template.hostedzones)){
set("hostedzone", HostedZones)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws route53 list-hosted-zones --region $region --query "HostedZones[*].Id" --output json
extractors:
- type: json
name: hostedzones
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws route53 get-dnssec --region $region --hosted-zone-id "$hostedzone" --query "Status.ServeSignature" --output json
matchers:
- type: word
words:
- 'NOT_SIGNING'
extractors:
- type: dsl
dsl:
- 'hostedzone + " DNSSEC Signing for Route 53 Hosted Zones is Disabled"'
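Review bot: the flow runs `aws route53 get-dnssec` against every hosted zone returned by `list-hosted-zones`, including private ones, although the `description:` says the check targets public hosted zones and DNSSEC signing does not apply to private zones. The query-logging template in this same commit guards with a `get-hosted-zone ... --query "HostedZone.Config.PrivateZone"` step matching `false` with `internal: true`; suggest the same guard here, with the flow becoming `code(2) && code(3)`. Two copy-over issues: `reference:` still points at the enable-query-logging knowledge-base page and the monitoring overview rather than DNSSEC documentation, and `impact:` says DNSSEC mitigates these attacks "by encrypting signing DNS records"; DNSSEC authenticates records with signatures and does not encrypt them, so suggest "by cryptographically signing DNS records".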