jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1a5ba10e07099b0ce5a4d8385251c50fbe36c8a1
Cloud-20Engineering/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/VerifyEffectoryDomainResources.ps1
Jurjen Ladenius 1a5ba10e07 Published version of Subdomain Takeover check
2021-09-06 13:34:38 +02:00

50 lines
2.4 KiB
PowerShell
Raw Blame History

function VerifyEffectoryDomainResources {
<#
.SYNOPSIS
Find resources in Azure that no longer exist, but have DNS records.
.DESCRIPTION
Gets all resources that have hostnames.
.PARAMETER effectoryDomainPattern
The domain pattern to look for when enumerating hosts, e.g. '*.effectory.com'
.PARAMETER effectoryResources
The resources that currently exist.
.PARAMETER effectoryResourcesPrevious
The resources that existed previously.
#>
param(
[Parameter(Mandatory)]
[string] $effectoryDomainPattern,
[Parameter(Mandatory)]
[AllowNull()]
[EffectoryDomainNameCheck[]] $effectoryResources,
[Parameter(Mandatory)]
[AllowNull()]
[EffectoryDomainNameCheck[]] $effectoryResourcesPrevious
)
[bool] $hasErrors = $false
# ----------------------------------------------------------------------------------------------------------
Write-Verbose "Comparing found resources with previously stored resources to find records that should've been deleted."
foreach ($oldResource in $effectoryResourcesPrevious) {
$currentItem = $effectoryResources.Where({$_.DomainName -eq $oldResource.DomainName}, 'First')
if (($null -eq $currentItem) -or ($currentItem.Count -eq 0)) {
# Host name no longer exists, so there should be no DNS record
# check
Write-Warning "Host name '$($oldResource.DomainName)' no longer exists. Checking DNS record for '$($oldResource.ResourceName)' ($($oldResource.ResourceType))."
$CName = DnsResolveHost -domainName $oldResource.DomainName -effectoryDomainPattern $effectoryDomainPattern -externalDNSServer "8.8.8.8"
if (($null -ne $CName) -and ($CName -ne "")) {
Write-Error "Host name '$($oldResource.DomainName)' no longer exists, but found DNS record '$($CName)' for '$($oldResource.ResourceName)' ($($oldResource.ResourceType))."
$hasErrors = $true
}
}
elseif (($oldResource.ResourceName -ne $currentItem.ResourceName) -or ($oldResource.ResourceId -ne $currentItem.ResourceId)) {
# found, but does not point to the same resource
# verify the DNS record to make sure it points to this resource
Write-Warning "Host name '$($oldResource.DomainName)' was found, but points to another resource. Assuming this was intentional."
}
}
$hasErrors
}
Reference in New Issue View Git Blame Copy Permalink