
Check if Route 53 records contain dangling IPs.

route53_dangling_ip_subdomain_takeover

Severity: high
Service: route53
by Prowler


Risk

When an ephemeral AWS resource such as an Elastic IP (EIP) is released back into the Amazon Elastic IP pool, any Route 53 A record that still points at that address is "dangling": the DNS name resolves to an IP your account no longer controls. An attacker who allocates EIPs until they receive the same address can then serve content under your domain or subdomain (a subdomain takeover), which enables phishing, cookie theft on the parent domain and abuse of any trust tied to the hostname.
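One way to implement the detection described above, written here as an added example rather than Prowler's own source code: walk the A records of a public hosted zone, skip addresses that are private or still allocated to the account, and flag any remaining address that falls inside the published AWS EC2 ranges. All inputs are constructed stand-ins; in practice the records come from `aws route53 list-resource-record-sets`, the owned addresses from `aws ec2 describe-addresses` and `aws ec2 describe-instances`, and the prefixes from the "EC2" entries of https://ip-ranges.amazonaws.com/ip-ranges.json (the prefixes below are deliberately coarse placeholders, not the real list).

```python
"""Flag Route 53 A records that point at AWS public IPs this account no longer owns.

Added example, not Prowler's own code. Every input below is a constructed stand-in.
"""
import ipaddress
from typing import Iterable, List, Tuple, Union

# Constructed placeholders for the EC2 prefixes in ip-ranges.json (not the real list).
AWS_EC2_PREFIXES = ["3.0.0.0/8", "13.32.0.0/15", "52.0.0.0/8"]

# Constructed: public IPv4 addresses currently allocated to this account
# (Elastic IPs plus auto-assigned instance public IPs).
OWNED_PUBLIC_IPS = {"52.10.20.30", "3.5.6.7"}

# Constructed record sets, in the shape list-resource-record-sets returns.
RECORDS = [
    {"Name": "app.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "52.10.20.30"}]},       # still owned: fine
    {"Name": "old.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "52.99.99.99"}]},       # AWS range, not ours: dangling
    {"Name": "office.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "93.184.216.34"}]},     # public but not AWS: out of scope
    {"Name": "internal.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "10.0.0.5"}]},          # private: not in the EIP pool
    {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "app.example.com."}]},  # not an A record: skipped
]

IPLike = Union[str, ipaddress.IPv4Address, ipaddress.IPv6Address]


def in_aws_ranges(ip: IPLike, prefixes: Iterable[str]) -> bool:
    """True if ip falls inside any of the given CIDR prefixes."""
    addr = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def find_dangling_records(records, owned_ips, aws_prefixes) -> List[Tuple[str, str]]:
    """Return (record name, ip) for A records pointing at AWS IPs the account does not own."""
    owned = {ipaddress.ip_address(i) for i in owned_ips}
    dangling = []
    for rec in records:
        # Alias records carry no ResourceRecords; only plain A records hold literal IPs.
        if rec.get("Type") != "A":
            continue
        for rr in rec.get("ResourceRecords", []):
            ip = ipaddress.ip_address(rr["Value"])
            if not ip.is_global:
                continue  # RFC 1918 and other non-routable space cannot be acquired from the pool
            if ip in owned:
                continue  # still allocated to us
            if in_aws_ranges(ip, aws_prefixes):
                dangling.append((rec["Name"], str(ip)))
    return dangling


if __name__ == "__main__":
    for name, ip in find_dangling_records(RECORDS, OWNED_PUBLIC_IPS, AWS_EC2_PREFIXES):
        print(f"FAIL {name} -> {ip} (AWS address not owned by this account)")
```

Two caveats when running this against real data: an address allocated to another AWS account you control (a multi-account organization) is reported as dangling unless that account's EIPs are merged into the owned set, and the logic cannot tell whether a stranger already holds the released address, only that you do not; public IPs outside AWS ranges are ignored because they cannot be picked up from the Elastic IP pool, though they may still be dangling for other reasons.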

Run this check with Prowler CLI

prowler aws --checks route53_dangling_ip_subdomain_takeover


Remediation

CLI

Delete the dangling record. A DELETE change must match the existing record's name, type, TTL and values exactly, so copy them from aws route53 list-resource-record-sets first:

aws route53 change-resource-record-sets --hosted-zone-id <hosted_zone_id> --change-batch '{"Changes":[{"Action":"DELETE","ResourceRecordSet":{"Name":"<record_name>","Type":"A","TTL":<ttl>,"ResourceRecords":[{"Value":"<dangling_ip>"}]}}]}'

Other

https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Route53/dangling-dns-records.html

WUI

Ensure that any dangling DNS records are deleted from your Amazon Route 53 public hosted zones (or re-pointed at an address your account still owns) in order to maintain the integrity and authenticity of your domains and subdomains and to protect against domain hijacking attacks. Releasing an EIP should be paired with removing or updating every record that references it.


Resource Type: Other