Skip to content

Commit f2b8801

Browse files
committed
cleaning container names
1 parent 7216b7c commit f2b8801

1 file changed

Lines changed: 15 additions & 3 deletions

File tree

enum_tools/azure_checks.py

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
# {whatever}.{region}.cloudapp.azure.com
2424
VM_URL = 'cloudapp.azure.com'
2525

26+
2627
def print_account_response(reply):
2728
"""
2829
Parses the HTTP reply of a brute-force attempt
@@ -94,10 +95,12 @@ def print_container_response(reply):
9495
"""
9596
# Stop brute forcing disabled accounts
9697
if 'The specified account is disabled' in reply.reason:
98+
print("[!] Breaking out early, account disabled.")
9799
return 'breakout'
98100

99101
# Stop brute forcing accounts without permission
100102
if 'not authorized to perform this operation' in reply.reason:
103+
print("[!] Breaking out early, auth errors.")
101104
return 'breakout'
102105

103106
# Handle other responses
@@ -140,21 +143,30 @@ def brute_force_containers(storage_accounts, brute_list, threads):
140143
with open(brute_list, encoding="utf8", errors="ignore") as infile:
141144
names = infile.read().splitlines()
142145

146+
# Clean up the names to usable for containers
147+
banned_chars = re.compile('[^a-z0-9-]')
148+
clean_names = []
149+
for name in names:
150+
name = name.lower()
151+
name = banned_chars.sub('', name)
152+
if name not in clean_names:
153+
clean_names.append(name)
154+
143155
# Start a counter to report on elapsed time
144156
start_time = utils.start_timer()
145157

146158
print("[*] Brute-forcing container names in {} storage accounts"
147159
.format(len(valid_accounts)))
148160

149161
for account in valid_accounts:
150-
print("[*] Brute-forcing container names in {}"
151-
.format(account))
162+
print("[*] Brute-forcing {} container names in {}"
163+
.format(len(clean_names), account))
152164

153165
# Initialize the list of correctly formatted urls
154166
candidates = []
155167

156168
# Take each mutated keyword and craft a url with correct format
157-
for name in names:
169+
for name in clean_names:
158170
candidates.append('{}/{}/?restype=container&comp=list'
159171
.format(account, name))
160172

0 commit comments

Comments
 (0)