Skip to content
Route53/CloudFront Vulnerability Assessment Utility
Branch: master
Clone or download
bryan-mcaninch-cognizant banner formatting
Latest commit a6e2fe9 Sep 20, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE banner formatting Sep 20, 2018


AWS Route53/CloudFront Vulnerability Assessment Utility

CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations. This vulnerability exists if a Route53 alias references 1) a deleted CloudFront web distribution or 2) an active CloudFront web distribution with deleted CNAME(s).

If this decoupling is discovered by an attacker, they can simply create a CloudFront web distribution and/or CloudFront NAME(s) in their account that match the victim account's Route53 A record host name. Exploitation of this vulnerability results in the ability to spoof the victim's web site content, which otherwise would have been accessed through the victim's account.

CloudJacking video at Austin OWASP May 2018:


  1. AWS IAM access key ID and corresponding secret key

  2. AWS CLI installation configured with profile(s), access key ID(s), and secret key(s) in ~/.aws/credentials

  3. AWS IAM policy allowing Route53 ListHostedZones and ListResourceRecordSets actions

  4. AWS IAM policy allowing CloudFront ListDistributions actions

  5. Python and AWS SDK boto3 package

    • pip install boto3

Usage: $ python -o [text|json] -p [profile]


  • $ python -o json -p default
  • $ python -o text -p default
  • $ python -o json -p myprofile
  • $ python -o text -p myprofile


  1. Assess S3/CloudFront decoupling
  2. Offensive reconnaissance and exploitation features


You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.