Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
#aws   #cloud   #dns   #ips  

Ghostbuster obtains all the DNS records present in all of your AWS accounts (Route53), and can optionally take in records via CSV input, or via Cloudflare.

After these records are collected, Ghostbuster iterates through all of your AWS Elastic IPs and Network Interface Public IPs and collects this data.

With a complete picture of the DNS records (from Route53, file input or Cloudflare) and a complete picture of the AWS IPs owned by your organization, this tool can detect subdomains that point to dangling elastic IPs (IPs you no longer own).

Project Features:
- Dynamically iterates through each AWS profile configured in .aws/config
- Pulls A records from AWS Route53
- Pulls A records from Cloudflare (optional)
- Pulls A records from CSV input (optional)
- Iterates through all regions, a single region, or a comma-delimited list of regions
- Obtains all Elastic IPs associated with all of your AWS accounts
- Obtains all Public IPs associated with all of your AWS accounts
- Cross-checks the DNS records against the IPs owned by your organization to detect potential takeovers
- Slack Webhook support to send notifications of takeovers
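
The cross-check described above, as an added example that is not Ghostbuster's own code: it loads A records from CSV text and flags those pointing at an IP missing from the owned inventory. The CSV column names, the sample data and the restriction to provider address ranges are assumptions of this example.

```python
import csv
import io
import ipaddress

# Constructed sample data (documentation address ranges, not real AWS space).
PROVIDER_CIDRS = ["203.0.113.0/24", "198.51.100.0/24"]  # stand-in for the provider's published ranges
OWNED_IPS = {"203.0.113.10", "198.51.100.7"}  # stand-in for Elastic IPs + interface public IPs
DNS_CSV = """name,type,value
app.example.com,A,203.0.113.10
old-api.example.com,A,203.0.113.99
office.example.com,A,192.0.2.44
www.example.com,CNAME,app.example.com
staging.example.com,A,198.51.100.8
broken.example.com,A,not-an-ip
"""

def load_a_records(csv_text):
    """Return (name, ip) pairs for well-formed A records; skip everything else."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"].strip().upper() != "A":
            continue
        try:
            ip = ipaddress.ip_address(row["value"].strip())
        except ValueError:
            continue  # malformed value: cannot be cross-checked
        records.append((row["name"].strip().lower(), ip))
    return records

def find_dangling(records, owned_ips, provider_cidrs):
    """Flag A records whose IP is in provider space but not in the owned inventory."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    networks = [ipaddress.ip_network(c) for c in provider_cidrs]
    findings = []
    for name, ip in records:
        # Assumption: only provider-range IPs can be released Elastic IPs,
        # so records pointing elsewhere (e.g. an office network) are ignored.
        in_provider_space = any(ip in net for net in networks)
        if in_provider_space and ip not in owned:
            findings.append((name, str(ip)))
    return sorted(findings)

if __name__ == "__main__":
    for name, ip in find_dangling(load_a_records(DNS_CSV), OWNED_IPS, PROVIDER_CIDRS):
        print(f"potential takeover: {name} -> {ip}")
```

The result is only as good as the inventory: an account or region left out of the owned-IP set shows up as a false positive, which is why the tool iterates over every configured profile and region.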