Some random Route53 one-liners
So, I am preparing to do some internal pen testing and wanted a complete dump of our DNS. Since we have over 80 AWS accounts, up to three per team, scanning through code and enumerating was going to take weeks. Surely there's a better way? Well, it's one account at a time, but it's still better!
Let's create a list of all our hosted zones:
aws route53 list-hosted-zones | jq '.HostedZones[].Name' | sed s/\"//g > /tmp/zones.txt
Nice, half way there! Now, let's get a BIND formatted dump of each domain. Wait...AWS CLI doesn't have the capability??? Enter the tool "cli53": https://github.com/barnybug/cli53
git clone https://github.com/barnybug/cli53.git
With this tool, we can do a boat load of things with Route53, including a BIND formatted dump:
for each in `cat /tmp/zones.txt`; do cli53 export --full $each > /tmp/$each.zone; done
SAWEET! Want some extra credit? How about we pull a list of all EIPs attached to ENIs? In the next blog we'll do just that, as well as dig through our zones to see if any of them have A records!