detect_azure_omi_servers.sh - Uses nmap to detect potential Azure servers running OMI
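#!/bin/bash
#
# Heuristic check for a host that may be exposing the OMI service on an
# Azure instance. Three signals are combined:
#   1. the target resolves to an IPv4 address,
#   2. nmap's service detection on OMI_PORT matches SERVICE_REGEX,
#   3. whois for that address mentions Microsoft.
# A positive result is only "potentially OMI": none of the three signals
# identifies OMI itself, so confirm on the host before acting on it.
#
# Usage: detect_azure_omi_servers.sh <host>
# Requires: nmap, whois, host.

readonly OMI_PORT=5986
readonly SERVICE_REGEX=".*http.*Microsoft HTTPAPI"
readonly IP_REGEX="^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$"
USAGE="
[-] $0 <host>
Summary:
Detect possible OMI service which runs on Azure instances
Args:
host: IP address or domain to check for OMI service
Pre-requisites:
nmap
whois
host
Examples:
Scan for possible OMI service on host 1.1.1.1
$0 1.1.1.1
"

if [ $# -lt 1 ]; then
  echo "[-] $USAGE"
  exit 1
fi

host="$1"

# The argument is handed to host, nmap and whois as a positional target.
# A value starting with '-' would be parsed by those tools as an option,
# so refuse it instead of passing it through.
case "$host" in
  -*)
    echo "[-] Invalid host: $host (must not start with '-')" >&2
    exit 1
    ;;
esac

echo "[*] Checking if host: $host is an IP or domain"
if [[ "$host" =~ $IP_REGEX ]]; then
  echo "[*] Host: $host is an IP"
  ip=$host
else
  echo "[*] Host: $host is domain. Check if host: $host resolves"
  # Filter on 'has address' BEFORE selecting a field: cutting the first
  # field first leaves only the name, so the filter never matched and every
  # domain was reported as unresolvable. Only the first A record is kept so
  # that $ip is a single address for the later whois lookup.
  ip=$(host "$host" | awk '/ has address / { print $4; exit }')
fi

if [ -z "$ip" ]; then
  echo "[*] Host: $host does not resolve"
else
  echo "[*] Check if port: $OMI_PORT is running on the host: $host and matches expected service type via nmap"
  # -sS is a raw-socket SYN scan and normally needs root. Check nmap's exit
  # status so that a scan that could not run is reported as an error rather
  # than being read as "service not present".
  # The resolved address is scanned (not the name) so that the whois check
  # below describes the same address that was probed.
  if ! nmap_out=$(nmap -Pn -sS -sV -p "$OMI_PORT" "$ip"); then
    echo "[-] nmap scan of host: $host failed (is it installed and run with sufficient privileges?)" >&2
    exit 1
  fi
  nmap_check=$(printf '%s\n' "$nmap_out" | grep -iE "$SERVICE_REGEX")

  if [ -z "$nmap_check" ]; then
    echo "[*] Host: $host not Azure OMI Service"
  else
    echo "[*] Checking if IP: $ip is an Azure service via whois"
    # String match on the registry record only: this shows the address
    # block is registered to Microsoft, not that the host is in Azure.
    is_microsoft=$(whois "$ip" | grep -i "Microsoft ")
    if [ -z "$is_microsoft" ]; then
      echo "[*] Host: $host, IP: $ip does not appear to be Microsoft host"
    else
      echo "[+] Host: $host potentially Azure OMI service."
    fi
  fi
fi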