Public/Reconnaissance/anonymous/Get-PublicResourceList.ps1
|
function Get-PublicResourceList { [cmdletbinding()] param ( [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)] [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$', ErrorMessage = "It does not match expected pattern '{1}'")] [string]$Name, [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)] [string]$WordList, [Parameter(Mandatory = $false)] [int]$ThrottleLimit = 100 ) begin { # Create thread-safe collections $validDnsNames = [System.Collections.Concurrent.ConcurrentBag[string]]::new() } process { try { # Read word list efficiently if ($WordList) { $permutations = [System.Collections.Generic.HashSet[string]](Get-Content $WordList) Write-Verbose "Loaded $($permutations.Count) permutations from '$WordList'" } $permutations += $sessionVariables.permutations Write-Verbose "Loaded $($permutations.Count) permutations from session" $dnsNames = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase) $domains = @( 'blob.core.windows.net', 'file.core.windows.net', 'table.core.windows.net', 'queue.core.windows.net', 'database.windows.net', 'documents.azure.com', 'vault.azure.net', 'azurecr.io', 'cognitiveservices.azure.com', 'servicebus.windows.net', 'azureedge.net', 'azurewebsites.net' ) $domains | ForEach-Object { $domain = $_ $permutations | ForEach-Object { [void] $dnsNames.Add(('{0}{1}.{2}' -f $Name, $_, $domain)) [void] $dnsNames.Add(('{1}{0}.{2}' -f $Name, $_, $domain)) [void] $dnsNames.Add(('{0}.{1}' -f $Name, $domain)) } } $totalDns = $dnsNames.Count Write-Verbose "Starting DNS resolution for $totalDns names..." # Parallel DNS resolution with improved error handling and progress $dnsNames | Sort-Object -Unique | ForEach-Object -ThrottleLimit $ThrottleLimit -Parallel { try { $validDnsNames = $using:validDnsNames if ([System.Net.Dns]::GetHostEntry($_)) { $validDnsNames.Add($_) Write-Output "Get-AzPublicResources: '$_' is valid" } } catch [System.Net.Sockets.SocketException] { Write-Verbose "Get-AzPublicResources: '$_' does not exist" } } } catch { Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message $($_.Exception.Message) -Severity 'Error' } } <# .SYNOPSIS Retrieves Azure public resources based on the provided name and type. .DESCRIPTION The Get-PublicResourceList function retrieves Azure public resources by generating DNS names based on the provided name and type, and then performing DNS resolution to check their validity. It supports parallel processing for efficient DNS resolution. .PARAMETER Name The base name to use for generating DNS names. This parameter is mandatory and must match the pattern '^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$'. .PARAMETER Type The type of Azure resource. This parameter is optional and defaults to 'blob'. Valid values are 'blob', 'file', 'queue', 'table', and 'dfs'. .PARAMETER WordList An optional path to a file containing a list of words to use for generating permutations of DNS names. .PARAMETER ThrottleLimit An optional parameter to specify the throttle limit for parallel DNS resolution. The default value is 1000. .DEPENDENCIES - PowerShell 5.1 or later - Azure PowerShell module (Az.Resources) - System.Collections.Concurrent.ConcurrentBag - System.Collections.Generic.HashSet - System.Net.Dns .EXAMPLE Get-PublicResourceList -Name "example" -Type "blob" Retrieves Azure public resources for the name "example" with the type "blob". .EXAMPLE Get-PublicResourceList -Name "example" -WordList "wordlist.txt" Retrieves Azure public resources for the name "example" using permutations from the specified word list. .LINK https://docs.microsoft.com/en-us/powershell/module/az.resources/ #> #> } |