Subdomain takeover module

- Added webapps, frontdoor, storage and cdn
2026-02-28 03:02:19 +01:00 · 2021-08-13 16:51:07 +02:00
parent 1a3bc1370e
commit 31f3acdd3b
17 changed files with 539 additions and 28 deletions
--- a/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/Get-EffectoryDomainResources.ps1
+++ b/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/Get-EffectoryDomainResources.ps1
@@ -0,0 +1,97 @@
+#Requires -Modules Az.Accounts,Az.Websites,Az.FrontDoor,Az.Storage,Az.Cdn,Az.Network,Az.TrafficManager,Az.ContainerInstance
+function Get-EffectoryDomainResources {
+    <#
+   .SYNOPSIS
+    Find dangling DNS records
+    .DESCRIPTION
+    Compares DNS bindings with a previous state and checks the existence of DNS records for bindings that may have been deleted.
+    .PARAMETER subscriptionId
+    Optional Subscription Id to set the context to. Otherwise uses the current context.
+    #>
+    param(
+         [Parameter()]
+         [string] $subscriptionId 
+    )
+
+    # Initialize
+    [EffectoryDomainNameCheck[]]$result = @()
+    [string]$effectoryDomainPattern = "*.effectory.com"
+
+    # Get subscription info
+    [Microsoft.Azure.Commands.Profile.Models.Core.PSAzureContext]$currentContext = $null
+    if (![string]::IsNullOrWhitespace($subscriptionId)) {
+        $currentContext = Set-AzContext -SubscriptionId $subscriptionId
+    }
+    else {
+        $currentContext = Get-AzContext
+        $subscriptionId = $currentContext.Subscription
+    }
+
+    Write-Host "Processing subscription $($currentContext.Name)"
+
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking WebApps and WebApp Slots for subscription $($currentContext.Name)"
+    # $webApps = Get-AzWebApp 
+    # [int]$webAppCounter = 0
+    # [int]$webAppSlotCounter = 0
+
+    # if ($null -ne $webApps) {
+    #     # check webapps
+    #     $itemsWebApps = CheckWebApps -subscription $currentContext -webApps $webApps -effectoryDomainPattern $effectoryDomainPattern
+    #     $webAppCounter += $itemsWebApps.Count
+    #     $result +=  $itemsWebApps
+
+    #     # check webapp slots
+    #     foreach ($webApp in $webApps) {
+    #         $slot = Get-AzWebAppSlot -WebApp $webApp 
+    #         if ($null -ne $slot) {
+    #             $itemsWebAppSlots = CheckWebApps -subscription $currentContext -webApps $slot -effectoryDomainPattern $effectoryDomainPattern
+    #             $webAppSlotCounter += $itemsWebAppSlots.Count
+    #             $result +=  $itemsWebAppSlots
+    #         }
+    #     }
+    # }
+    # Write-Host "Found $($webAppCounter) WebApps and  $($webAppSlotsCounter) WebApp Slots for subscription $($currentContext.Name)"
+    
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking FrontDoor Endpoints for subscription $($currentContext.Name)"
+    $frontDoors = Get-AzFrontDoor
+    [int]$frontDoorEndPointCounter = 0
+
+    if ($null -ne $frontDoors) {
+        $itemsFrontDoors = CheckFrontDoorEndPoints -subscription $currentContext -frontDoors $frontDoors -effectoryDomainPattern $effectoryDomainPattern
+        $frontDoorEndPointCounter += $itemsFrontDoors.Count
+        $result += $itemsFrontDoors
+    }
+    Write-Host "Found $($frontDoorEndPointCounter) FrontDoor Endpoints for subscription $($currentContext.Name)"
+
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking Storage Accounts for subscription $($currentContext.Name)"
+    $storageAccounts = Get-AzStorageAccount | Where-Object { $_.CustomDomain.Name -like $effectoryDomainPattern } # storage accounts
+    [int]$storageCounter = 0
+
+    if ($null -ne $storageAccounts) {
+        $itemsStorage = CheckStorageAccounts -subscription $currentContext -storageAccounts $storageAccounts -effectoryDomainPattern $effectoryDomainPattern
+        $storageCounter += $itemsStorage.Count
+        $result += $itemsStorage
+    }
+    Write-Host "Found $($storageCounter) Storage Accounts for subscription $($currentContext.Name)"
+ 
+    # ------------------------------------------------------------------------------------------------------------------
+    Write-Host "Checking Cdn Endpoints for subscription $($currentContext.Name)"
+    $cdnProfiles = Get-AzCdnProfile
+    [int]$cdnCounter = 0
+    
+    if ($null -ne $cdnProfiles) {
+        $itemsCdn = CheckCdnEndpoints -subscription $currentContext -cdnProfiles $cdnProfiles -effectoryDomainPattern $effectoryDomainPattern
+        $cdnCounter += $itemsCdn.Count
+        $result += $itemsCdn
+    }
+    Write-Host "Found $($cdnCounter) Cdn Endpoints for subscription $($currentContext.Name)"
+ 
+   
+    $result
+}
+
+
+