
@dafthack
Created June 2, 2023 16:42
PowerShell script that checks each Azure storage container to determine whether it is publicly accessible
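function Invoke-AzPublicStorageEnum{
    <#
    .SYNOPSIS
    Audits the blob containers listed in .\storage-array.txt for anonymous (public) list access.

    .DESCRIPTION
    Reads a flat text file built from ScoutSuite results. The file is a sequence of
    groups: one line with the container count, one line with the storage account
    name, then one line per container. For every container an unauthenticated
    "List Blobs" request (?restype=container&comp=list) is sent over HTTP and HTTPS.

    A 200 response means the container can be listed without credentials. Such
    containers should be reviewed and, unless public exposure is intended, set to
    private access or covered by disabling anonymous access on the storage account
    (the AllowBlobPublicAccess account setting).

    Results are written to three files in the current directory:
      full-storage-account.txt        every URL that was built
      public-containers.txt           URLs that answered 200
      possible-public-containers.txt  URLs that answered "resource does not exist"

    .OUTPUTS
    System.String. Progress lines for each account/container, followed by the list
    of URLs confirmed as publicly listable.

    .NOTES
    Create the input file from the ScoutSuite report first:
    tail scoutsuite_results*.js -n +2 | jq -r '.services.storageaccounts.subscriptions[].storage_accounts[] | .blob_containers_count,.name,.blob_containers[].id' > /root/Desktop/storage-array.txt
    #>
    [string[]]$arrayFromFile = Get-Content -Path '.\storage-array.txt'
    $FullList = @()
    $PossiblePublicContainers = @()
    $defpublic = @()

    # Walk the file by index so that a whole group (count, name, containers) is
    # consumed at once and container lines are never re-read as count lines.
    $linenumber = 0
    while ($linenumber -lt $arrayFromFile.Count) {
        $countline = $arrayFromFile[$linenumber]

        # An account with no containers contributes only a "0" line and a name
        # line. Skip both, otherwise an all-digit account name would be read as
        # the next count line.
        if ($countline -eq '0') {
            $linenumber += 2
            continue
        }

        # Anything that is not a plausible container count is skipped.
        if (-not ($countline -In 1..10000)) {
            $linenumber++
            continue
        }

        # Get the name of the storage account we are testing
        $storageaccount = $arrayFromFile[$linenumber + 1]
        # Get the total number of containers
        [int]$containertotal = $countline
        # Range of line numbers holding this account's containers, clamped to the
        # end of the file so a truncated input cannot yield empty container names.
        $containerstart = $linenumber + 2
        $containerend = [Math]::Min($containerstart + $containertotal - 1, $arrayFromFile.Count - 1)

        Write-Output ("[*] Storage Account: " + $storageaccount)

        # A for loop is used instead of start..end because the range operator
        # counts downwards when end is smaller than start.
        for ($i = $containerstart; $i -le $containerend; $i++) {
            $container = $arrayFromFile[$i]
            Write-Output ("[**] Container: " + $container)

            # NOTE(review): accounts that enforce "Secure transfer required" are
            # expected to reject the plain-HTTP probe - confirm against the tenant.
            foreach ($scheme in 'http', 'https') {
                $url = $scheme + "://" + $storageaccount + ".blob.core.windows.net/" + $container + "?restype=container&comp=list"
                $FullList += $url

                Write-Host -NoNewline ("[***] Checking " + $scheme.ToUpper() + ": ")
                try
                {
                    # -UseBasicParsing avoids the Internet Explorer dependency of
                    # Windows PowerShell 5.1; newer versions accept and ignore it.
                    $request = Invoke-WebRequest -Uri $url -UseBasicParsing
                    if ($request.StatusCode -eq 200){
                        Write-Host -ForegroundColor green "Public access enabled!"
                        Write-Output ("[****] Public Storage Container URL: " + $url)
                        # The raw response includes the blob listing; treat the
                        # console output as sensitive.
                        Write-Host $request.RawContent
                        $defpublic += $url
                    }
                    else
                    {
                        # Terminate the "Checking ..." line for other success codes.
                        Write-Host $request.StatusCode
                    }
                }
                catch
                {
                    # Non-HTTP failures (DNS, TLS, timeout) carry no response, and
                    # the response type of newer PowerShell versions may not expose
                    # StatusDescription - fall back to the exception message so the
                    # reason is never printed as a blank line.
                    $Failure = $_.Exception.Response
                    $reason = if ($Failure -and $Failure.StatusDescription) { $Failure.StatusDescription } else { $_.Exception.Message }

                    # NOTE(review): this status text is ambiguous - the service may
                    # return it for an existing private container as well. Entries
                    # in this list need manual verification, they are not findings.
                    if ($reason -match "specified resource does not exist")
                    {
                        Write-Host -ForegroundColor yellow "Public access may be enabled but resource does not exist."
                        $PossiblePublicContainers += $url
                    }
                    else
                    {
                        Write-Host -ForegroundColor red $reason
                    }
                }
            }
        }

        # Continue with the line after this account's last declared container.
        $linenumber = $containerstart + $containertotal
    }

    $FullList | Out-File -Encoding ascii "full-storage-account.txt"
    $defpublic | Out-File -Encoding ascii "public-containers.txt"
    $PossiblePublicContainers | Out-File -Encoding ascii "possible-public-containers.txt"
    Write-Output "----- Public Azure Storage Accounts -----"
    $defpublic
}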