Last active
August 25, 2022 10:53
-
-
Save azurekid/5705f46fe3b38766b2a38223e250f511 to your computer and use it in GitHub Desktop.
PowerShell script to scrape SAS Token properties
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory = $false)] | |
| [string]$SasUri, | |
| [Parameter(Mandatory = $false)] | |
| [string]$SasToken | |
| ) | |
| Clear-Host | |
| Write-Host "[+] Start collection SAS Token information" | |
| #Variables | |
| Add-Type -AssemblyName system.web | |
| if (![string]::IsNullOrWhiteSpace($SasUri)) { | |
| $storageUri = $SasUri -split "\?" | |
| $tokenArray = $storageUri[1] -split '&' | |
| } elseif (!([string]::IsNullOrWhiteSpace($SasToken))) { | |
| $tokenArray = $SasToken -split '&' | |
| if ($tokenArray.count -lt 1) { | |
| Write-Host "[-] Error: No valid SAS token provided" -ForegroundColor Red | |
| break | |
| } | |
| } else { | |
| Write-Host "[-] Error: No valid parameters provided" -ForegroundColor Red | |
| break | |
| } | |
| $permissionList = New-Object System.Collections.ArrayList | |
| $resourceList = New-Object System.Collections.ArrayList | |
| $resourceTypes = New-Object System.Collections.ArrayList | |
| $services = New-Object System.Collections.ArrayList | |
| $tokenObjects = [ordered]@{ | |
| 'Storage Uri' = "$($storageUri)" | |
| } | |
| Write-Host '[+] Processing token properties' -ForegroundColor Green | |
| $tokenArray | ForEach-Object { | |
| if ($_ -like "spr=*") { $tokenObjects.Protocol = ($_).substring(4) } | |
| if ($_ -like "st=*") { $tokenObjects."Start Time" = ($_).substring(3) } | |
| if ($_ -like "se=*") { $tokenObjects."Expiry Time" = ($_).substring(3) } | |
| if ($_ -like "sv=*") { $tokenObjects."Service Version" = ($_).substring(3) } | |
| if ($_ -like "sp=*") { $tokenObjects."Permissions" = ($_).substring(3) } | |
| if ($_ -like "sip=*") { $tokenObjects."IP Address" = ($_).substring(4) } | |
| if ($_ -like "sig=*") { | |
| $tokenObjects."Signature" = ($_).substring(4) | |
| $tokenObjects."Base64 Signature" = [System.Web.HttpUtility]::UrlDecode($tokenObjects."Signature") | |
| } | |
| if ($_ -like "srt=*") { | |
| $tokenObjects."Resource Types" = ($_).substring(4) | |
| $tokenObjects."Token Type" = 'Account-level SAS' | |
| $tokenObjects."Resource Types".ToCharArray() | ForEach-Object { | |
| if ($_ -eq 's') { $resourceTypes += ('Service-level APIs') } | |
| if ($_ -eq 'c') { $resourceTypes += ('Container-level APIs') } | |
| if ($_ -eq 'o') { $resourceTypes += ('Object-level APIs') } | |
| } | |
| $tokenObjects."Resource Types" = $resourceTypes | |
| } | |
| if ($_ -like "sr=*") { | |
| $tokenObjects."Storage Resource" = ($_).substring(3) | |
| $tokenObjects."Token Type" = 'user-level SAS' | |
| $tokenObjects."Storage Resource".ToCharArray() | ForEach-Object { | |
| if ($_ -eq 'b') { $resourceList += ('Blob') } | |
| if ($_ -eq 'bv') { $resourceList += ('Blob version') } | |
| if ($_ -eq 'bs') { $resourceList += ('Blob snapshot') } | |
| if ($_ -eq 'c') { $resourceList += ('Container') } | |
| if ($_ -eq 'd') { $resourceList += ('Directory') } | |
| } | |
| $tokenObjects."Storage Resource" = $resourceList | |
| } | |
| if ($_ -like "ss=*") { | |
| $tokenObjects."Services" = ($_).substring(3) | |
| Write-Host "[+] Processing Services" -ForegroundColor Green | |
| $tokenObjects."Services".ToCharArray() | ForEach-Object { | |
| if ($_ -eq 'b') { $services += ('Blob') } | |
| if ($_ -eq 'q') { $services += ('Queue') } | |
| if ($_ -eq 't') { $services += ('Table') } | |
| if ($_ -eq 'f') { $services += ('File') } | |
| } | |
| $tokenObjects."Services" = $services | |
| } | |
| } | |
| Write-Host "[+] Processing Permissions" -ForegroundColor Green | |
| $tokenObjects.Permissions.ToCharArray() | ForEach-Object { | |
| if ($_ -eq 'r') { $permissionList += ('Read') } | |
| if ($_ -eq 'a') { $permissionList += ('Add') } | |
| if ($_ -eq 'c') { $permissionList += ('Create') } | |
| if ($_ -eq 'w') { $permissionList += ('Write') } | |
| if ($_ -eq 'd') { $permissionList += ('Delete') } | |
| if ($_ -eq 'x') { $permissionList += ('Delete Version') } | |
| if ($_ -eq 'y') { $permissionList += ('Permanent Delete') } | |
| if ($_ -eq 'l') { $permissionList += ('List') } | |
| if ($_ -eq 't') { $permissionList += ('Tags') } | |
| if ($_ -eq 'f') { $permissionList += ('Find') } | |
| if ($_ -eq 'm') { $permissionList += ('Move') } | |
| if ($_ -eq 'e') { $permissionList += ('Execute') } | |
| if ($_ -eq 'o') { $permissionList += ('Ownership') } | |
| if ($_ -eq 'P') { $permissionList += ('Permissions') } | |
| if ($_ -eq 'i') { $permissionList += ('Set Immutability Policy') } | |
| } | |
| $tokenObjects.Permissions = $permissionList | |
| return $tokenObjects | ConvertTo-Json | ConvertFrom-Json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment