jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3a348fc8b028adec280a4087d833037acc154643
Cloud-20Engineering/Powershell/Modules/Effectory.Dns/Effectory.Dns/public/VerifyEffectoryDomainResources.ps1
Jurjen Ladenius 3a348fc8b0 First version of subdomain takeover runbook
2021-09-01 16:25:01 +02:00

50 lines
2.4 KiB
PowerShell
Raw Blame History

function VerifyEffectoryDomainResources {
<#
.SYNOPSIS
Find resources in Azure that no longer exist, but have DNS records.
.DESCRIPTION
Gets all resources that have hostnames.
.PARAMETER effectoryDomainPattern
The domain pattern to look for when enumerating hosts, e.g. '*.effectory.com'
.PARAMETER effectoryResources
The resources that currently exist.
.PARAMETER effectoryResourcesPrevious
The resources that existed previously.
#>
param(
[Parameter(Mandatory)]
[string] $effectoryDomainPattern,
[Parameter(Mandatory)]
[AllowNull()]
[EffectoryDomainNameCheck[]] $effectoryResources,
[Parameter(Mandatory)]
[AllowNull()]
[EffectoryDomainNameCheck[]] $effectoryResourcesPrevious
)
[bool] $hasErrors = $false
# ----------------------------------------------------------------------------------------------------------
Write-Information "Comparing found resources with previously stored resources to find records that should've been deleted."
foreach ($oldResource in $effectoryResourcesPrevious) {
$currentItem = $effectoryResources.Where({$_.DomainName -eq $oldResource.DomainName}, 'First')
if (($null -eq $currentItem) -or ($currentItem.Count -eq 0)) {
# Host name no longer exists, so there should be no DNS record
# check
Write-Warning "Host name '$($oldResource.DomainName)' no longer exists. Checking DNS record for '$($oldResource.ResourceName)' ($($oldResource.ResourceType))."
$CName = DnsResolveHost -domainName $oldResource.DomainName -effectoryDomainPattern $effectoryDomainPattern -externalDNSServer "8.8.8.8"
if (($null -ne $CName) -and ($CName -ne "")) {
Write-Error "Host name '$($oldResource.DomainName)' no longer exists, but found DNS record '$($CName)' for '$($oldResource.ResourceName)' ($($oldResource.ResourceType))."
$hasErrors = $true
}
}
elseif (($oldResource.ResourceName -ne $currentItem.ResourceName) -or ($oldResource.ResourceId -ne $currentItem.ResourceId)) {
# found, but does not point to the same resource
# verify the DNS record to make sure it points to this resource
Write-Warning "Host name '$($oldResource.DomainName)' was found, but points to another resource. Assuming this was intentional."
}
}
$hasErrors
}
Reference in New Issue View Git Blame Copy Permalink