@dafthack
Created May 25, 2020 14:15
A proof of concept script for discovering AWS dangling domains
#!/bin/bash
# This script attempts to locate potential dangling domains on AWS. You need AWS CLI installed and your keys configured
# Make sure you insert your Bing API key below as well.
# All the sleeps were necessary to not allocate the same IP address multiple times
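while true
do
    unset IP ALLOCID RESULTS
    # Request a new Elastic IP address in the chosen region
    IP=$(aws ec2 allocate-address --region us-west-1 --output text --query 'PublicIp')
    # Stop if the allocation failed, so no other address in the account gets released by mistake
    if [ -z "$IP" ]; then
        echo "Address allocation failed" >&2
        exit 1
    fi
    sleep 10
    # Look up the allocation ID of this specific address, not the first address in the account
    ALLOCID=$(aws ec2 describe-addresses --region us-west-1 --public-ips "$IP" --output text --query 'Addresses[0].AllocationId')
    echo "Checking address: $IP with allocID: $ALLOCID"
    sleep 10
    # Put your Bing v7.0 API key in the next line after Ocp-Apim-Subscription-Key
    RESULTS=$(curl -s -H "Ocp-Apim-Subscription-Key: BING-API-KEY-GOES-HERE" "https://api.cognitive.microsoft.com/bing/v7.0/search?q=ip:$IP&count=1&mkt=en-US")
    # A displayUrl field in the response means Bing has indexed a site at this IP
    if echo "$RESULTS" | grep 'displayUrl'; then
        echo "We found one! $IP"
        break
    else
        echo "Releasing Address $IP with allocID: $ALLOCID"
        RELEASE=$(aws ec2 release-address --region us-west-1 --allocation-id "$ALLOCID")
        sleep 20
    fi
done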
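
The condition the script above looks for can also be checked from the zone owner's side, before an address is released. The following is an added example, not part of the original gist: it compares a zone's A records with the public IPs an account currently holds and lists records that point elsewhere. The file formats, the `find_dangling` and `demo` names, and the sample records (documentation IP ranges) are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit your own DNS zone for A records that point at public
# IPs you no longer hold (the "dangling" records the gist's title refers to).
#
# Inputs (formats are assumptions of this example):
#   records file: "<name> <ip> [<ip> ...]" per line, built from your zone
#                 export (e.g. `aws route53 list-resource-record-sets`)
#   owned file:   whitespace-separated public IPs you currently control, e.g.
#                 `aws ec2 describe-addresses --query 'Addresses[].PublicIp'
#                 --output text` for every region in use, plus non-AWS hosts
# Blank lines and lines starting with '#' are ignored in both files.

# find_dangling RECORDS OWNED
# Prints "<name> <ip>" for every record value that is not in the owned set.
find_dangling() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        FILENAME == ARGV[1] {                 # first file: the owned IPs
            for (i = 1; i <= NF; i++) held[$i] = 1
            next
        }
        {                                     # second file: the A records
            name = $1
            sub(/\.$/, "", name)              # drop the trailing root dot
            for (i = 2; i <= NF; i++)
                if (!($i in held)) print name, $i
        }
    ' "$2" "$1"
}

# Constructed sample data: three records, one fully stale, one partly stale.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed zone export' \
        'www.example.com. 203.0.113.10' \
        'old-api.example.com. 203.0.113.77' \
        'lb.example.com. 198.51.100.5 198.51.100.6' > "$dir/records"
    printf '203.0.113.10\t198.51.100.5\n' > "$dir/owned"
    find_dangling "$dir/records" "$dir/owned"
    rm -rf "$dir"
}

# With two arguments, audit the given files; with none, run the sample.
if [ "$#" -eq 2 ]; then find_dangling "$1" "$2"; else demo; fi
```

An empty owned file reports every record, which is the correct result when an account has released all of its addresses but the zone still references them.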