Dns threading by initstring · Pull Request #4 · initstring/cloud_enum · GitHub
Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion cloud_enum.py
37 changes: 24 additions & 13 deletions cloud_enum/azure_checks.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,12 @@ def print_account_response(reply):
This function is passed into the class object so we can view results
in real-time.
"""
#
if reply.status_code == 404:
pass
elif 'The specified account is disabled' in reply.reason:
utils.printc(" Disabled Storage Account: {}\n"
.format(reply.url), 'red')
elif 'Value for one of the query' in reply.reason:
utils.printc(" HTTP-OK Storage Account: {}\n"
.format(reply.url), 'orange')
Expand All @@ -35,7 +39,7 @@ def print_account_response(reply):
" {}: {}"
.format(reply.status_code, reply.reason))

def check_storage_accounts(names, threads):
def check_storage_accounts(names, threads, nameserver):
"""
Checks storage account names
"""
Expand All @@ -59,7 +63,7 @@ def check_storage_accounts(names, threads):
candidates.append('{}.{}'.format(name, BLOB_URL))

# Azure Storage Accounts use DNS sub-domains. First, see which are valid.
valid_names = utils.fast_dns_lookup(candidates)
valid_names = utils.fast_dns_lookup(candidates, nameserver)

# Send the valid names to the batch HTTP processor
utils.get_url_batch(valid_names, use_ssl=False,
Expand All @@ -78,11 +82,20 @@ def print_container_response(reply):
This function is passed into the class object so we can view results
in real-time.
"""
if reply.status_code == 200:
# Stop brute forcing disabled accounts
if 'The specified account is disabled' in reply.reason:
return 'breakout'

# Stop brute forcing accounts without permission
if 'not authorized to perform this operation' in reply.reason:
return 'breakout'

# Handle other responses
if reply.status_code == 404:
pass
elif reply.status_code == 200:
utils.printc(" OPEN AZURE CONTAINER: {}\n"
.format(reply.url), 'green')
elif reply.status_code == 404:
pass
elif 'One of the request inputs is out of range' in reply.reason:
pass
else: print(" Unknown status codes being received:\n"
Expand Down Expand Up @@ -131,7 +144,7 @@ def print_website_response(hostname):
utils.printc(" Registered Azure Website DNS Name: {}\n"
.format(hostname), 'green')

def check_azure_websites(names):
def check_azure_websites(names, nameserver):
"""
Checks for Azure Websites (PaaS)
"""
Expand All @@ -144,22 +157,20 @@ def check_azure_websites(names):
candidates = [name + '.' + WEBAPP_URL for name in names]

# Azure Websites use DNS sub-domains. If it resolves, it is registered.
valid_names = utils.fast_dns_lookup(candidates,
callback=print_website_response)
utils.fast_dns_lookup(candidates, nameserver,
callback=print_website_response)

# Stop the timer
utils.stop_timer(start_time)

return valid_names

def run_all(names, brute_list, threads):
def run_all(names, brute_list, threads, nameserver):
"""
Function is called by main program
"""
print(BANNER)

valid_accounts = check_storage_accounts(names, threads)
valid_accounts = check_storage_accounts(names, threads, nameserver)
if valid_accounts:
brute_force_containers(valid_accounts, brute_list, threads)

check_azure_websites(names)
check_azure_websites(names, nameserver)
64 changes: 48 additions & 16 deletions cloud_enum/utils.py