Implemented getting the resources

2026-02-27 18:52:18 +01:00 · 2021-08-18 12:36:53 +02:00
parent 31f3acdd3b
commit 05b9ce94a6
5 changed files with 133 additions and 107 deletions
--- a/Powershell/Modules/Effectory.Dns/Effectory.Dns/private/CheckIpAddresses.ps1
+++ b/Powershell/Modules/Effectory.Dns/Effectory.Dns/private/CheckIpAddresses.ps1
@@ -0,0 +1,33 @@
+function CheckIpAddresses() {
+    param(
+    [Parameter(Mandatory)]
+     [Microsoft.Azure.Commands.Profile.Models.Core.PSAzureContext]$subscription,
+     [Parameter(Mandatory)]
+     [Microsoft.Azure.Commands.Network.Models.PSPublicIpAddress[]] $ipAddresses,
+     [Parameter(Mandatory)]
+     [string]$effectoryDomainPattern
+    )
+    [EffectoryDomainNameCheck[]]$Result = @()
+    
+    # public ip => Assume binding if an IP has a domain name. 
+
+    foreach($ipAddress in $ipAddresses) {
+        $resource = Get-AzResource -ResourceId $ipAddress.Id
+        $domainNameCheck = [EffectoryDomainNameCheck] @{
+            SubscriptionId = $subscriptionId; 
+            SubscriptionName = $subscription.Name;
+            ResourceId = $ipAddress.Id;
+            ResourceName = $ipAddress.Name;
+            ResourceType = $resource.ResourceType;
+            ResourceGroupName = $resource.ResourceGroupName;
+            DomainName = $ipAddress.DnsSettings.DomainNameLabel;
+            Tag_Team = $resource.Tags.team
+            Tag_Product = $resource.Tags.product
+            Tag_Environment = $resource.Tags.environment
+            Tag_Data = $resource.Tags.data
+        }
+        $Result += $domainNameCheck
+    }
+
+    $Result
+}
--- a/Powershell/Modules/Effectory.Dns/Effectory.Dns/private/CheckTrafficManagers.ps1
+++ b/Powershell/Modules/Effectory.Dns/Effectory.Dns/private/CheckTrafficManagers.ps1
@@ -0,0 +1,33 @@
+function CheckTrafficManagers() {
+    param(
+    [Parameter(Mandatory)]
+     [Microsoft.Azure.Commands.Profile.Models.Core.PSAzureContext]$subscription,
+     [Parameter(Mandatory)]
+     [Microsoft.Azure.Commands.TrafficManager.Models.TrafficManagerProfile[]] $trafficManagers,
+     [Parameter(Mandatory)]
+     [string]$effectoryDomainPattern
+    )
+    [EffectoryDomainNameCheck[]]$Result = @()
+    
+    # traffic manager => Assume binding 
+
+    foreach($trafficManager in $trafficManagers) {
+        $resource = Get-AzResource -ResourceId $trafficManager.Id
+        $domainNameCheck = [EffectoryDomainNameCheck] @{
+            SubscriptionId = $subscriptionId; 
+            SubscriptionName = $subscription.Name;
+            ResourceId = $trafficManager.Id;
+            ResourceName = $trafficManager.Name;
+            ResourceType = $resource.ResourceType;
+            ResourceGroupName = $resource.ResourceGroupName;
+            DomainName = $trafficManager.RelativeDnsName;
+            Tag_Team = $resource.Tags.team
+            Tag_Product = $resource.Tags.product
+            Tag_Environment = $resource.Tags.environment
+            Tag_Data = $resource.Tags.data
+        }
+        $Result += $domainNameCheck
+    }
+
+    $Result
+}
--- a/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/Get-EffectoryDomainResources.ps1
+++ b/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/Get-EffectoryDomainResources.ps1
@@ -31,27 +31,27 @@ function Get-EffectoryDomainResources {

    # ------------------------------------------------------------------------------------------------------------------
    Write-Host "Checking WebApps and WebApp Slots for subscription $($currentContext.Name)"
-    # $webApps = Get-AzWebApp 
-    # [int]$webAppCounter = 0
-    # [int]$webAppSlotCounter = 0
+    $webApps = Get-AzWebApp 
+    [int]$webAppCounter = 0
+    [int]$webAppSlotCounter = 0

-    # if ($null -ne $webApps) {
-    #     # check webapps
-    #     $itemsWebApps = CheckWebApps -subscription $currentContext -webApps $webApps -effectoryDomainPattern $effectoryDomainPattern
-    #     $webAppCounter += $itemsWebApps.Count
-    #     $result +=  $itemsWebApps
+    if ($null -ne $webApps) {
+        # check webapps
+        $itemsWebApps = CheckWebApps -subscription $currentContext -webApps $webApps -effectoryDomainPattern $effectoryDomainPattern
+        $webAppCounter += $itemsWebApps.Count
+        $result +=  $itemsWebApps

-    #     # check webapp slots
-    #     foreach ($webApp in $webApps) {
-    #         $slot = Get-AzWebAppSlot -WebApp $webApp 
-    #         if ($null -ne $slot) {
-    #             $itemsWebAppSlots = CheckWebApps -subscription $currentContext -webApps $slot -effectoryDomainPattern $effectoryDomainPattern
-    #             $webAppSlotCounter += $itemsWebAppSlots.Count
-    #             $result +=  $itemsWebAppSlots
-    #         }
-    #     }
-    # }
-    # Write-Host "Found $($webAppCounter) WebApps and  $($webAppSlotsCounter) WebApp Slots for subscription $($currentContext.Name)"
+        # check webapp slots
+        foreach ($webApp in $webApps) {
+            $slot = Get-AzWebAppSlot -WebApp $webApp 
+            if ($null -ne $slot) {
+                $itemsWebAppSlots = CheckWebApps -subscription $currentContext -webApps $slot -effectoryDomainPattern $effectoryDomainPattern
+                $webAppSlotCounter += $itemsWebAppSlots.Count
+                $result +=  $itemsWebAppSlots
+            }
+        }
+    }
+    Write-Host "Found $($webAppCounter) WebApps and  $($webAppSlotsCounter) WebApp Slots for subscription $($currentContext.Name)"
    
    # ------------------------------------------------------------------------------------------------------------------
    Write-Host "Checking FrontDoor Endpoints for subscription $($currentContext.Name)"
@@ -89,9 +89,46 @@ function Get-EffectoryDomainResources {
    }
    Write-Host "Found $($cdnCounter) Cdn Endpoints for subscription $($currentContext.Name)"
 
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking public IP addresses for subscription $($currentContext.Name)"
+    $ipAddresses = Get-AzPublicIpAddress | Where-Object DnsSettings -ne $null  | Where-Object { $_.DnsSettings.DomainNameLabel -ne "" }
+    [int]$ipCounter = 0
    
-    $result
+    if ($null -ne $ipAddresses) {
+        $itemsIpAddresses = CheckIpAddresses -subscription $currentContext -ipAddresses $ipAddresses -effectoryDomainPattern $effectoryDomainPattern
+        $ipCounter += $itemsIpAddresses.Count
+        $result += $itemsIpAddresses
+    }
+    Write-Host "Found $($ipCounter) public IP addresses for subscription $($currentContext.Name)"
+
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking Traffic Managers for subscription $($currentContext.Name)"
+    $trafficManagers = Get-AzTrafficManagerProfile
+    [int]$trafficManagerCounter = 0
+    
+    if ($null -ne $trafficManagers) {
+        $itemsTrafficManagers = CheckTrafficManagers -subscription $currentContext -trafficManagers $trafficManagers -effectoryDomainPattern $effectoryDomainPattern
+        $trafficManagerCounter += $itemsTrafficManagers.Count
+        $result += $itemsTrafficManagers
+    }
+    Write-Host "Found $($trafficManagerCounter) Traffic Managers for subscription $($currentContext.Name)"
+
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking Container groups for subscription $($currentContext.Name)"
+    $containerInstances =  Get-AzContainerGroup
+    
+    if ($null -ne $containerInstances) {
+        throw "Container groups are not implemented yet."
    }

+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking API Management for subscription $($currentContext.Name)"
+    $apiManagementServices =  Get-AzApiManagement
    
+    if ($null -ne $apiManagementServices) {
+        throw "API Management services are not implemented yet."
+    }

+    # ------------------------------------------------------------------------------------------------------------------
+    $result
+}
--- a/Powershell/Modules/Effectory.Dns/test.csv
+++ b/Powershell/Modules/Effectory.Dns/test.csv
@@ -6,3 +6,9 @@
 "a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/Default-Storage-WestEurope/providers/Microsoft.Storage/storageAccounts/mailingstore","Default-Storage-WestEurope","mailingstore","Microsoft.Storage/storageAccounts","mailstore.effectory.com","pink","general","prod","internal"
 "a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourcegroups/my-effectory-europe/providers/Microsoft.Cdn/profiles/effectorybranding/endpoints/effectorybranding/customdomains/styleguide-effectory-com","my-effectory-europe","styleguide-effectory-com","Microsoft.Cdn/profiles/endpoints/customdomains","styleguide.effectory.com","orange","my-effectory","prod","n/a"
 "a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourcegroups/tech-effectory/providers/Microsoft.Cdn/profiles/tech-effectory/endpoints/techeffectory/customdomains/tech-effectory-com","tech-effectory","tech-effectory-com","Microsoft.Cdn/profiles/endpoints/customdomains","tech.effectory.com","to","tech.effectory.com","prod","public"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/postbode_arm/providers/Microsoft.Network/publicIPAddresses/PostbodePIP","postbode_arm","PostbodePIP","Microsoft.Network/publicIPAddresses","postbode","pink","mailings","prod","personally identifiable"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/Default-TrafficManager/providers/Microsoft.Network/trafficManagerProfiles/customer-extranet","Default-TrafficManager","customer-extranet","Microsoft.Network/trafficManagerProfiles","customer-extranet","lime","survey","prod","personally identifiable"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/Default-TrafficManager/providers/Microsoft.Network/trafficManagerProfiles/questionnaire","Default-TrafficManager","questionnaire","Microsoft.Network/trafficManagerProfiles","questionnaire","orange","ece","prod","n/a"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/Default-TrafficManager/providers/Microsoft.Network/trafficManagerProfiles/questionnairelogin","Default-TrafficManager","questionnairelogin","Microsoft.Network/trafficManagerProfiles","questionnairelogin","orange","survey","test","n/a"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/myresults/providers/Microsoft.Network/trafficManagerProfiles/myresults","myresults","myresults","Microsoft.Network/trafficManagerProfiles","myresults","green","my-feedback","prod","secret"
+"a134faf1-7a89-4f2c-8389-06d00bd5e2a7","Survey Software Production (a134faf1-7a89-4f2c-8389-06d00bd5e2a7) - jurjen.ladenius@effectory.com","/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/respondent/providers/Microsoft.Network/trafficManagerProfiles/signin","respondent","signin","Microsoft.Network/trafficManagerProfiles","signin","lime","survey","prod","secret"
--- a/Powershell/RunBooks/SubdomainTakeOver.ps1
+++ b/Powershell/RunBooks/SubdomainTakeOver.ps1
@@ -1,83 +0,0 @@
-Import-Module Az.Accounts
-Import-Module Az.Websites
-Import-Module Az.FrontDoor
-Import-Module Az.Storage
-Import-Module Az.Cdn
-Import-Module Az.Network
-Import-Module Az.TrafficManager
-Import-Module Az.ContainerInstance
-
-class DomainNameCheck {
-    [string] $SubscriptionId = ""
-    [string] $SubscriptionName = ""
-    [string] $ResourceId = ""
-    [string] $ResourceGroupName = ""
-    [string] $ResourceName = ""
-    [string] $ResourceType = ""
-    [string] $DomainName = ""
-    [string] $Tag_Team = ""
-    [string] $Tag_Product = ""
-    [string] $Tag_Environment = ""
-    [string] $Tag_Data = ""
-}
-
-$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
-
-
-foreach ($subscription in $subscriptions) 
-{
-    context = Set-AzContext -SubscriptionId $subscription.Id
-
-    $webApps = get-azwebapp 
-    $webAppsEffectory = $webApps | Where-Object {@($_.HostNames) -like "*.effectory.com"} # app service
-
-    foreach ($webApp in $webApps) {
-        $slot = Get-AzWebAppSlot -WebApp $webApp 
-        if ($slotHostNames = $slot | Where-Object {@($_.HostNames) -like "*.effectory.com"}) {
-           # app service slots
-        }
-    }
-
-    $frontDoors = Get-AzFrontDoor
-    foreach($frontDoor in $frontDoors) {
-        if ($endPointHostNames = $frontDoor.FrontendEndpoints | Where-Object HostName -like "*.effectory.com") {
-            # frontdoor
-        }
-    }
-
-    $effectoryStorage = Get-AzStorageAccount | Where-Object { $_.CustomDomain.Name -like "*.effectory.com" } # storage accounts
-
-    $cdnProfiles = Get-AzCdnProfile
-    foreach($cdnProfile in $cdnProfiles) {
-        $cdnEndPoints = Get-AzCdnEndpoint -ProfileName $cdnProfile.Name -ResourceGroupName $cdnProfile.ResourceGroupName
-        foreach($cdnEndPoint in $cdnEndPoints) {
-            $cdnEffectory = Get-AzCdnCustomDomain -CdnEndpoint $cdnEndPoint | Where-Object HostName -Like "*.effectory.com" # cdn endpoints
-        }
-    }
-
-    $ipAddresses = Get-AzPublicIpAddress | Where-Object DnsSettings -ne $null  | Where-Object { $_.DnsSettings.DomainNameLabel -ne "" } # public ip => Assume binding ? 
-
-    $trafficManagers = Get-AzTrafficManagerProfile
-    foreach ($trafficManager in $trafficManagers) {
-        #$trafficManager.RelativeDnsName
-        # traffic manager
-    }
-
-    $containerInstances =  Get-AzContainerGroup
-    foreach ($containerInstance in  $containerInstances) {
-        #$containerInstance.Fqdn
-        #container instance
-    }
-}
-
-## TODO
-
-
-## Azure API Management	microsoft.apimanagement/service	abc.azure-api.net
-
-
-
-
-#Set-AzContext -SubscriptionId "a134faf1-7a89-4f2c-8389-06d00bd5e2a7"
-#Set-AzContext -SubscriptionId "750d0421-da63-42fb-9f89-74aeb5dfe05b"
-