Commit 2c6e8ced: Multiple changes

- Check output - Updated list generation - Started subdomain takeover check module
2026-02-27 18:52:18 +01:00 · 2021-08-12 10:46:04 +02:00
parent 2c6e8cede3
commit 1a3bc1370e
39 changed files with 4879 additions and 85 deletions
--- a/Powershell/Tools/ApplyStorageAccountTls12.ps1
+++ b/Powershell/Tools/ApplyStorageAccountTls12.ps1
@@ -0,0 +1,19 @@
+#Connect-AzAccount
+
+$subscriptions = Get-AzSubscription
+
+foreach ($subscription in $subscriptions) 
+{
+    Write-Host "----------------"
+
+    Set-AzContext -SubscriptionId $subscription.Id
+
+    $allResources = Get-AzStorageAccount | Where-Object minimumTlsVersion -ne TLS1_2
+
+    foreach ($resource in $allResources) {
+        Set-AzStorageAccount -ResourceGroupName $resource.ResourceGroupName -AccountName $resource.StorageAccountName -MinimumTlsVersion TLS1_2
+    }
+}
+
+Write-Host "========================================================================================================================================================================"
+Write-Host "Done."
--- a/Powershell/Tools/ApplyTags.ps1
+++ b/Powershell/Tools/ApplyTags.ps1
@@ -19,10 +19,12 @@ function ApplyTeamTag (

    }
    catch {
-        Write-Warning "Could not update $resourceId"
+         Write-Warning "Could not update $resourceId"
    }
 }

+ApplyTeamTag -resourceId '/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/RespondentIntegrationEventSync/providers/Microsoft.KeyVault/vaults/RespondentEventSync' -subscriptionId 'a134faf1-7a89-4f2c-8389-06d00bd5e2a7' -tagValue 'orange'
+
 function ApplyProductTag (
    [string] $resourceId, 
    [string] $subscriptionId,
@@ -80,7 +82,4 @@ function ApplyDataTag (
    catch {
        Write-Warning "Could not update $resourceId"
    }
-}
-
-
-
+}
--- a/verification/DNS.ps1
+++ b/verification/DNS.ps1
@@ -1,4 +1,93 @@
-class HostCheck {
+class AppServiceHostName {
+    [string] $resourceId = ""
+    [string] $subscriptionId = ""
+    [string] $subscriptionName = ""
+    [string] $webAppName = ""
+    [string] $resourceGroupName = ""
+    [string] $slotName = ""
+    [string] $hostname  = ""
+}
+
+function Effectory-GetAppServiceHostNames () {
+    $subscriptions = Get-AzSubscription
+    [AppServiceHostName[]]$ResultGetAppServiceHostNames = @()
+
+    foreach ($subscription in $subscriptions) 
+    {
+        $subscriptionContext = Set-AzContext -SubscriptionId $subscription.Id
+        $allWebApps = Get-AzWebApp
+
+        foreach ($webApp in $allWebApps) {
+            foreach ($webappHostName in $webApp.HostNames) {
+                [AppServiceHostName] $appServiceHostName = [AppServiceHostName]::new()
+                $appServiceHostName.resourceId = $webApp.Id
+                $appServiceHostName.subscriptionId = $subscription.Id
+                $appServiceHostName.subscriptionName = $subscription.Name
+                $appServiceHostName.webAppName = $webApp.Name
+                $appServiceHostName.resourceGroupName = $webApp.ResourceGroup
+                $appServiceHostName.slotName = ""
+                $appServiceHostName.hostname = $webappHostName
+                $ResultGetAppServiceHostNames += $appServiceHostName
+            }
+
+            $webAppSlots = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup
+            foreach ($webAppSlot in $webAppSlots) {
+                foreach ($webappSlotHostName in $webAppSlot.HostNames) {
+                    [AppServiceHostName] $appServiceHostNameSlot = [AppServiceHostName]::new()
+                    $appServiceHostNameSlot.resourceId = $webApp.Id
+                    $appServiceHostNameSlot.subscriptionId = $subscription.Id
+                    $appServiceHostNameSlot.subscriptionName = $subscription.Name
+                    $appServiceHostNameSlot.webAppName = $webApp.Name
+                    $appServiceHostNameSlot.resourceGroupName = $webApp.ResourceGroup
+                    $appServiceHostNameSlot.slotName = $webappSlot.Name
+                    $appServiceHostNameSlot.hostname = $webappSlotHostName
+                    $ResultGetAppServiceHostNames += $appServiceHostNameSlot
+                }
+            }
+        }
+    }
+
+    return $ResultGetAppServiceHostNames
+}
+
+class FrontDoorHostName {
+    [string] $resourceId = ""
+    [string] $subscriptionId = ""
+    [string] $subscriptionName = ""
+    [string] $frontDoorName = ""
+    [string] $endPointName = ""
+    [string] $hostname  = ""
+}
+
+function Effectory-GetFrontDoorHostNames () {
+    $subscriptions = Get-AzSubscription
+    [FrontDoorHostName[]]$ResultGetFrontDoorHostNames = @()
+
+    foreach ($subscription in $subscriptions) 
+    {
+        $subscriptionContext = Set-AzContext -SubscriptionId $subscription.Id
+        $allFrontDoors = Get-AzFrontDoor
+
+        foreach ($frontDoor in $allFrontDoors) {
+
+            foreach ($frontDoorEndPoint in $frontDoor.FrontendEndpoints) {
+                [FrontDoorHostName] $frontDoorHostName = [FrontDoorHostName]::new()
+                $frontDoorHostName.resourceId = $frontDoor.Id
+                $frontDoorHostName.subscriptionId = $subscription.Id
+                $frontDoorHostName.subscriptionName = $subscription.Name
+                $frontDoorHostName.frontDoorName = $frontDoor.Name
+                $frontDoorHostName.endPointName = $frontDoorEndPoint.Name
+                $frontDoorHostName.hostname = $frontDoorEndPoint.HostName
+                $ResultGetFrontDoorHostNames += $frontDoorHostName
+            }
+        }
+    }
+
+    return $ResultGetFrontDoorHostNames
+}
+
+
+class HostCheck {
    [string] $HostName = ""
    [string] $Fqdn = ""
    [string] $CName = ""
@@ -29,31 +118,44 @@ function HostExistsInExternal ([HostCheck] $hostCheck, [string] $ExternalDNSServ
 function GetIPAddress ([HostCheck] $hostCheck) {
    try {
        $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.Fqdn)
-
        $hostCheck.IpAddress = $hostAddresses.IPAddressToString
-        $hostCheck.Exists = $true
+        
    }
    catch { 
        try {
            $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.HostName)

            $hostCheck.IpAddress = $hostAddresses.IPAddressToString
-            $hostCheck.Exists = $true
        }
        catch {
            $hostCheck.IpAddress = ""
-            $hostCheck.Exists = $false
        }

    }
    return $hostCheck
 }

+function TestIPConnection ([HostCheck] $hostCheck) {
+    try {
+        if (Test-Connection -TargetName $hostCheck.IpAddress -Count 1 -Quiet) {
+            $hostCheck.Exists = $true
+        }
+        else {
+            $hostCheck.Exists = $false
+        }
+    }
+    catch {
+        $hostCheck.Exists = $false
+    }
+    return $hostCheck
+}
+
 function Effectory-DNSVerify (
    [string] $ZoneName = "effectory.com", 
    [string] $DNSServer = "DC1.effectory.local",
    [string] $ExternalDNSServer = "8.8.8.8",
-    [string] $Type = "CName") {
+    [string] $Type = "CName",
+    [boolean] $DoIpCheck = $false) {
    
    Clear-DnsClientCache

@@ -87,8 +189,13 @@ function Effectory-DNSVerify (
        }
        $hostCheck.CName = $cname

-        $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer
-        $hostCheck = GetIPAddress -host $hostCheck
+        $hostCheck = HostExistsInExternal -hostCheck $hostCheck -ExternalDNSServer $ExternalDNSServer
+        $hostCheck = GetIPAddress -hostCheck $hostCheck
+        if ($DoIpCheck) {
+            $hostCheck = TestIPConnection -hostCheck $hostCheck
+        } else {
+            $hostCheck.Exists = $hostCheck.IpAddress -ne ""
+        }

        $Result += $hostCheck
    }
@@ -117,8 +224,9 @@ function Effectory-DNSVerify-Csv (
        $hostCheck.CName = $DNSRecord.Cname
        $hostCheck.Fqdn = $DNSRecord.Fqdn

-        $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer
-        $hostCheck = GetIPAddress -host $hostCheck
+        $hostCheck = HostExistsInExternal -hostCheck $hostCheck -ExternalDNSServer $ExternalDNSServer
+        $hostCheck = GetIPAddress -hostCheck $hostCheck
+        $hostCheck.Exists = $hostCheck.IpAddress -ne ""

        $Result += $hostCheck
    }
@@ -155,10 +263,13 @@ function Effectory-DNSClean-Csv (
    }
 }

+#Connect-AzAccount

-#Effectory-DNSVerify -ZoneName "effectory.com" -DNSServer "DC1.effectory.local" -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-effectory-com.csv
-#Effectory-DNSVerify -ZoneName "effectory.local" -DNSServer "DC1.effectory.local" -ExternalDNSServer "DC2.effectory.local" | Export-Csv -Path .\DNS-effectory-local.csv
-Effectory-DNSVerify-Csv -FileName .\Book1.csv -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-vip.csv
+#Effectory-DNSVerify -ZoneName "effectory.com" -DNSServer "DC1.effectory.local" -ExternalDNSServer "8.8.8.8" | Export-Csv -Path ".\2021-06-01 DNS-effectory-com.csv"
+#Effectory-DNSVerify -ZoneName "effectory.local" -DNSServer "DC1.effectory.local" -ExternalDNSServer "DC2.effectory.local" -DoIpCheck $true | Export-Csv -Path ".\2021-06-01 DNS-effectory-local.csv" 
+#Effectory-DNSVerify-Csv -FileName .\vip-effectory-com.csv -ExternalDNSServer "8.8.8.8" | Export-Csv -Path ".\2021-06-01 DNS-vip-effectory-com.csv"
+#Effectory-GetAppServiceHostNames | Export-Csv -Path ".\2021-06-01 AppService Hosts.csv"
+Effectory-GetFrontDoorHostNames | Export-Csv -Path ".\2021-06-01 FrontDoor Hosts.csv"

 # | Format-Table
 # | Export-Csv -Path .\DNS-xxxx.csv