About DNS Charts

This project was born out of an idea expressed when writing the recon paragraph of How to Hack Like a Ghost. Given a list of domains, I wanted to find their CNAME records and map them to possible Cloud services: AWS S3, AWS API Gateway, Cloudflare and what have you. A simple glance at the resulting graph would help zero-in on the most interesting targets.

A few lines of code later, DNS Charts was born.

This level of reconnaissance may help prioritize endpoints, bypass CDNs, locate subdomain takeover opportunities, etc. Of course, it is especially useful against companies relying predominantly on Cloud infrastructure.
Ps: The tool is heavily geared toward AWS for the moment, but will soon work on adding Azure and GCP.