Created
June 2, 2023 16:42
-
-
Save dafthack/86b774127c1dc9f7071bf5b56bd23108 to your computer and use it in GitHub Desktop.
PowerShell script for checking each Azure storage container to determine if they are publicly accessible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-AzPublicStorageEnum{ | |
| # First create a list of storage accounts and containers from ScoutSuite results | |
| # tail scoutsuite_results*.js -n +2 | jq -r '.services.storageaccounts.subscriptions[].storage_accounts[] | .blob_containers_count,.name,.blob_containers[].id' > /root/Desktop/storage-array.txt | |
| [string[]]$arrayFromFile = Get-Content -Path '.\storage-array.txt' | |
| $FullList = @() | |
| $PossiblePublicContainers = @() | |
| $defpublic = @() | |
| # $linenumber = [array]::IndexOf($arrayFromFile, $line) | |
| $linenumber = 0 | |
| ForEach($line in $arrayFromFile){ | |
| If ($arrayFromFile[$linenumber] -In 1..10000){ | |
| # Get the name of the storage account we are testing | |
| $storageaccount = $arrayFromFile[$linenumber + 1] | |
| #Write-Output ("Currently checking storage account " + $storageaccount) | |
| # Get the total number of containers | |
| $containertotal = $arrayFromFile[$linenumber] | |
| #Write-Output ("Container total = " + $containertotal) | |
| # Create a range of line numbers associated with container lines | |
| $containerstart = $linenumber + 2 | |
| $containerend = $containerstart + $containertotal - 1 | |
| #Write-Output ("Container lines are starting at " + $containerstart + " and ending at " + $containerend) | |
| Write-Output ("[*] Storage Account: " + $storageaccount) | |
| # For each line in the list of container lines | |
| foreach($i in $containerstart..$containerend) | |
| { | |
| Write-Output ("[**] Container: " + $arrayFromFile[$i]) | |
| $FullList += "http://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| $FullList += "https://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| Write-Host -NoNewline "[***] Checking HTTP: " | |
| try | |
| { | |
| $request = Invoke-WebRequest -Uri ("http://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list") | |
| if ($request.StatusCode -like 200){ | |
| Write-Host -ForegroundColor green "Public access enabled!" | |
| Write-Output ("[****] Public Storage Container URL: " + "http://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list") | |
| Write-Host $request.RawContent | |
| $defpublic += "http://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| } | |
| } | |
| catch | |
| { | |
| $Failure = $_.Exception.Response | |
| if ($Failure.StatusDescription -match "specified resource does not exist") | |
| { | |
| Write-Host -ForegroundColor yellow "Public access may be enabled but resource does not exist." | |
| $PossiblePublicContainers += "http://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| } | |
| else | |
| { | |
| Write-Host -ForegroundColor red $Failure.StatusDescription | |
| } | |
| } | |
| Write-Host -NoNewline "[***] Checking HTTPS: " | |
| try | |
| { | |
| $request = Invoke-WebRequest -Uri ("https://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list") | |
| if ($request.StatusCode -like 200){ | |
| Write-Host -ForegroundColor green "Public access enabled!" | |
| Write-Output ("[****] Public Storage Container URL: " + "https://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list") | |
| Write-Host $request.RawContent | |
| $defpublic += "https://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| } | |
| } | |
| catch | |
| { | |
| $Failure = $_.Exception.Response | |
| if ($Failure.StatusDescription -match "specified resource does not exist") | |
| { | |
| Write-Host -ForegroundColor yellow "Public access may be enabled but resource does not exist." | |
| $PossiblePublicContainers += "https://" + $storageaccount + ".blob.core.windows.net/" + $arrayFromFile[$i] + "?restype=container&comp=list" | |
| } | |
| else | |
| { | |
| Write-Host -ForegroundColor red $Failure.StatusDescription | |
| } | |
| } | |
| $linenumber++ | |
| } | |
| $linenumber++ | |
| } | |
| $linenumber++ | |
| } | |
| $FullList | Out-File -Encoding ascii "full-storage-account.txt" | |
| $defpublic | Out-File -Encoding ascii "public-containers.txt" | |
| $PossiblePublicContainers | Out-File -Encoding ascii "possible-public-containers.txt" | |
| Write-Output "----- Public Azure Storage Accounts -----" | |
| $defpublic | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment