Dns threading (#4) · initstring/cloud_enum@5a70dae · GitHub

Commit 5a70dae

authored
Dns threading (#4)
Added DNS threading and additional Azure error checks.
1 parent 4c9f204 commit 5a70dae

3 files changed

Lines changed: 77 additions & 30 deletions


cloud_enum.py

Lines changed: 5 additions & 1 deletion

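--- a/cloud_enum/azure_checks.py
+++ b/cloud_enum/azure_checks.py
@@ -23,8 +23,12 @@ def print_account_response(reply):
 This function is passed into the class object so we can view results
 in real-time.
 """
+#
 if reply.status_code == 404:
 pass
+elif 'The specified account is disabled' in reply.reason:
+utils.printc(" Disabled Storage Account: {}\n"
+.format(reply.url), 'red')
 elif 'Value for one of the query' in reply.reason:
 utils.printc(" HTTP-OK Storage Account: {}\n"
 .format(reply.url), 'orange')
@@ -35,7 +39,7 @@ def print_account_response(reply):
 " {}: {}"
 .format(reply.status_code, reply.reason))
 
-def check_storage_accounts(names, threads):
+def check_storage_accounts(names, threads, nameserver):
 """
 Checks storage account names
 """
@@ -59,7 +63,7 @@ def check_storage_accounts(names, threads):
 candidates.append('{}.{}'.format(name, BLOB_URL))
 
 # Azure Storage Accounts use DNS sub-domains. First, see which are valid.
-valid_names = utils.fast_dns_lookup(candidates)
+valid_names = utils.fast_dns_lookup(candidates, nameserver)
 
 # Send the valid names to the batch HTTP processor
 utils.get_url_batch(valid_names, use_ssl=False,
@@ -78,11 +82,20 @@ def print_container_response(reply):
 This function is passed into the class object so we can view results
 in real-time.
 """
-if reply.status_code == 200:
+# Stop brute forcing disabled accounts
+if 'The specified account is disabled' in reply.reason:
+return 'breakout'
+
+# Stop brute forcing accounts without permission
+if 'not authorized to perform this operation' in reply.reason:
+return 'breakout'
+
+# Handle other responses
+if reply.status_code == 404:
+pass
+elif reply.status_code == 200:
 utils.printc(" OPEN AZURE CONTAINER: {}\n"
 .format(reply.url), 'green')
-elif reply.status_code == 404:
-pass
 elif 'One of the request inputs is out of range' in reply.reason:
 pass
 else: print(" Unknown status codes being received:\n"
@@ -131,7 +144,7 @@ def print_website_response(hostname):
 utils.printc(" Registered Azure Website DNS Name: {}\n"
 .format(hostname), 'green')
 
-def check_azure_websites(names):
+def check_azure_websites(names, nameserver):
 """
 Checks for Azure Websites (PaaS)
 """
@@ -144,22 +157,20 @@ def check_azure_websites(names):
 candidates = [name + '.' + WEBAPP_URL for name in names]
 
 # Azure Websites use DNS sub-domains. If it resolves, it is registered.
-valid_names = utils.fast_dns_lookup(candidates,
-callback=print_website_response)
+utils.fast_dns_lookup(candidates, nameserver,
+callback=print_website_response)
 
 # Stop the timer
 utils.stop_timer(start_time)
 
-return valid_names
-
-def run_all(names, brute_list, threads):
+def run_all(names, brute_list, threads, nameserver):
 """
 Function is called by main program
 """
 print(BANNER)
 
-valid_accounts = check_storage_accounts(names, threads)
+valid_accounts = check_storage_accounts(names, threads, nameserver)
 if valid_accounts:
 brute_force_containers(valid_accounts, brute_list, threads)
 
-check_azure_websites(names)
+check_azure_websites(names, nameserver)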
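Review bot: In the `@@ -78,11 +82,20 @@` hunk, `print_container_response` now returns the string `'breakout'` on two paths and an implicit `None` on every other, but its docstring still only describes real-time printing, so the stop contract with the batch caller is undocumented. The code that consumes this value is presumably in `utils.py`, whose diff is not shown in this section. I would add a docstring line such as `Returns 'breakout' to tell the caller to stop requesting this account; otherwise None.` and replace the two literals with one module-level constant shared with the caller, so a typo cannot silently disable the stop. Both new checks also evaluate `in reply.reason` before any status check; if a response can arrive without a reason phrase this raises TypeError, which `(reply.reason or '')` would guard against. The function's body continues past the end of the hunk.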

cloud_enum/utils.py

Lines changed: 48 additions & 16 deletions
