First version of subdomain takeover runbook

Powershell/RunBooks/SQLMaintenanceTemplate.ps1

@@ -0,0 +1,17 @@
+$AzureSQLServerName = "xxxx" 
+$AzureSQLDatabaseName = "yyyy" 
+$SQLOutput = ""
+
+try {
+   $AzureSQLServerName = $AzureSQLServerName + ".database.windows.net" 
+   $Cred = Get-AutomationPSCredential -Name "SQLServerUser-AzureAutomation" 
+   $SQLOutput = $(Invoke-Sqlcmd -ServerInstance $AzureSQLServerName -Username $Cred.UserName -Password $Cred.GetNetworkCredential().Password -Database $AzureSQLDatabaseName -Query "exec [dbo].[AzureSQLMaintenance] @Operation='all' ,@LogToTable=1" -QueryTimeout 65535 -ConnectionTimeout 60 -Verbose) 4>&1 
+}
+catch 
+{
+   Write-Host $_
+   throw "Error occured!"
+}
+finally {
+   Write-Output $SQLOutput​
+}

Powershell/RunBooks/SubdomainTakeOverCheck.ps1

@@ -0,0 +1,89 @@
+
+$effectoryDomainPattern = "*.effectory.com"
+
+Import-Module Az.Accounts
+Import-Module Az.Websites
+Import-Module Az.FrontDoor
+Import-Module Az.Storage
+Import-Module Az.Cdn
+Import-Module Az.Network
+Import-Module Az.TrafficManager
+Import-Module Az.ContainerInstance
+Import-Module Az.Automation
+Import-Module Az.Resources
+Import-Module Effectory.Dns -Force
+Import-Module DnsClient
+
+# --------------------------------------------------------- Connect to Azure
+$connectionName = "AzureRunAsConnection"
+try
+{
+    # Get the connection "AzureRunAsConnection "
+    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName       
+    $account = Connect-AzAccount `
+        -ServicePrincipal `
+        -TenantId $servicePrincipalConnection.TenantId `
+        -ApplicationId $servicePrincipalConnection.ApplicationId `
+        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
+    Write-Output ("Connected with Automation Account [$($account.Name)]")
+}
+catch {
+    if (!$servicePrincipalConnection)
+    {
+        throw "Connection $($connectionName) not found."
+    } 
+    else
+    {
+        Write-Error -Message $_.Exception
+        throw $_.Exception
+    }
+}
+
+# --------------------------------------------------------------- Get the connection string
+$connectionName = "RunbooksEffectory-StorageConnectionString"
+try
+{
+    $Cred = Get-AutomationPSCredential -Name $connectionName 
+    $connectionString = $cred.GetNetworkCredential().Password
+    Write-Output ("Retrieved connection string to Storage Account [$($cred.UserName)]")
+}
+catch {
+    if (!$connectionString)
+    {
+        throw "Connection $($connectionName) not found."
+    } 
+    else
+    {
+        Write-Error -Message $_.Exception
+        throw $_.Exception
+    }
+}
+
+try {
+    # --------------------------------------------------------------- Get the current resources
+    $subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
+
+    [EffectoryDomainNameCheck[]]$effectoryResources = @()
+
+    foreach ($subscription in $subscriptions) 
+    {
+        $items = Get-EffectoryDomainResources -subscriptionId $subscription.Id -effectoryDomainPattern $effectoryDomainPattern
+        $effectoryResources = $effectoryResources + $items
+    }
+
+    # --------------------------------------------------------------- Get and compare the previous resources to the current resources
+
+    $effectoryResourcesPrevious = Get-BlobEffectoryDomainResources -connectionString $connectionString
+    $hasErrors = VerifyEffectoryDomainResources  -effectoryDomainPattern $effectoryDomainPattern -effectoryResources $effectoryResources -effectoryResourcesPrevious $effectoryResourcesPrevious
+
+    if ($hasErrors -eq $false) {
+        Set-BlobEffectoryDomainResources -connectionString $connectionString -effectoryResources $effectoryResources
+    }
+    else {
+        throw "Found domains that could possibly be used for subdomain takeover. Check the log for details."
+    }
+}
+catch {
+    Write-Error -Message $_.Exception
+    throw $_.Exception
+}