azure_enum 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +9 -0
- data/README.md +44 -1
- data/exe/azure_enum +6 -1
- data/lib/azure_enum.rb +29 -15
- data/lib/azure_enum/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6fdc83880b2b733e7d62d3547acddfaf63545d96fe971e40476141aff0478a41
|
4
|
+
data.tar.gz: f41d54b8da002a67330179fe77f64dd419fd7588494fa1f0b2bdd0384f92d98c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a3a494b52395dac75e451203506bd73b3f17613fbe28c4716837d6299363379df4220bdad19da13ce144d16f3ed3be499c0188fed1161301d975f89c23394d93
|
7
|
+
data.tar.gz: 601600c96b145a70524b6b390f30caee359451e49e9398fa7e04e242e5c9264936db14783d4b1c510a7c684361efab7d05728032289d82f733a17957bdcfd876
|
data/.rubocop.yml
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# AzureEnum
|
2
2
|
|
3
|
-
This Ruby Gem assists in enumeration of Office 365 federated domains. This can allow you to identify domains associated with a business, not easily identified through traditional means.
|
3
|
+
This Ruby Gem assists in enumeration of Office 365 or Exchange on-premise federated domains. This can allow you to identify domains associated with a business, not easily identified through traditional means. The examples below demonstrate how output can be interesting.
|
4
4
|
|
5
5
|
The time this process takes can vary from a few seconds to a few minutes depending on the hosting server.
|
6
6
|
## Installation
|
@@ -37,6 +37,44 @@ lolzware.onmicrosoft.com
|
|
37
37
|
lolware.net
|
38
38
|
```
|
39
39
|
|
40
|
+
## Examples
|
41
|
+
|
42
|
+
The following examples against some random domains demonstrate the tools capabilities.
|
43
|
+
|
44
|
+
```
|
45
|
+
$ azure_enum afl.com.au
|
46
|
+
Please wait while the given domain is enumerated.
|
47
|
+
afl.com.au
|
48
|
+
aflnt.com.au
|
49
|
+
ntthunder.com.au
|
50
|
+
aflgoulburnmurray.com.au
|
51
|
+
aflwesterndistrict.com.au
|
52
|
+
aflgippsland.com.au
|
53
|
+
aflyarraranges.com.au
|
54
|
+
|
55
|
+
$ azure_enum kmart.com.au
|
56
|
+
Please wait while the given domain is enumerated.
|
57
|
+
kmart.com.au
|
58
|
+
KASAsia.com
|
59
|
+
|
60
|
+
$ azure_enum microsoft.com
|
61
|
+
Please wait while the given domain is enumerated.
|
62
|
+
corp.webtv.net
|
63
|
+
microsoft.onmicrosoft.com
|
64
|
+
surface.com
|
65
|
+
bungie.com
|
66
|
+
navic.tv
|
67
|
+
middleeast.corp.microsoft.com
|
68
|
+
wingroup.windeploy.ntdev.microsoft.com
|
69
|
+
exchangecalendarsharing.com
|
70
|
+
redmond.corp.microsoft.com
|
71
|
+
northamerica.corp.microsoft.com
|
72
|
+
bing.com
|
73
|
+
corp.microsoft.com
|
74
|
+
placeware.com
|
75
|
+
(snip large list)
|
76
|
+
```
|
77
|
+
|
40
78
|
## Development
|
41
79
|
|
42
80
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -46,6 +84,11 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
46
84
|
## Contributing
|
47
85
|
|
48
86
|
Bug reports and pull requests are welcome on GitHub at https://github.com/technion/azure_enum.
|
87
|
+
Sometimes you get this output:
|
88
|
+
|
89
|
+
Unknown key: Max-Age = 31536000
|
90
|
+
|
91
|
+
It seems to be a known bug in HTTPClient.
|
49
92
|
|
50
93
|
## License
|
51
94
|
|
data/exe/azure_enum
CHANGED
@@ -8,5 +8,10 @@ if (ARGV.length == 0)
|
|
8
8
|
end
|
9
9
|
|
10
10
|
puts "Please wait while the given domain is enumerated."
|
11
|
-
|
11
|
+
domains = AzureEnum.federated(ARGV[0])
|
12
|
+
if (!domains || domains == [])
|
13
|
+
puts "Unfortunately this domain cannot be enumerated"
|
14
|
+
exit
|
15
|
+
end
|
12
16
|
|
17
|
+
puts domains
|
data/lib/azure_enum.rb
CHANGED
@@ -3,7 +3,9 @@ require "erb"
|
|
3
3
|
require "httpclient"
|
4
4
|
require "nokogiri"
|
5
5
|
|
6
|
+
# Azure and Exchange federated domain enumerator
|
6
7
|
module AzureEnum
|
8
|
+
# Class initializes with a domain name, and provides methods to interact with MS Autodiscover
|
7
9
|
class Federation
|
8
10
|
def initialize(domain)
|
9
11
|
@domain = domain
|
@@ -11,6 +13,7 @@ module AzureEnum
|
|
11
13
|
@redirect = nil
|
12
14
|
end
|
13
15
|
|
16
|
+
# This will identify if the http:// redirect exists for the domain, usually per Office 365
|
14
17
|
def check_redirect
|
15
18
|
url = "http://autodiscover.#{@domain}/autodiscover/autodiscover.svc"
|
16
19
|
begin
|
@@ -24,8 +27,8 @@ module AzureEnum
|
|
24
27
|
|
25
28
|
def enumerate_autodisc
|
26
29
|
httpsdomains = [
|
27
|
-
"https
|
28
|
-
"https
|
30
|
+
"https://autodiscover.#{@domain}/autodiscover/autodiscover.svc",
|
31
|
+
"https://#{@domain}/autodiscover/autodiscover.svc"
|
29
32
|
]
|
30
33
|
|
31
34
|
httpsdomains.unshift @redirect if @redirect
|
@@ -36,47 +39,58 @@ module AzureEnum
|
|
36
39
|
content = { "Content-Type" => "text/xml; charset=utf-8" }
|
37
40
|
res = http.post(url, xml, content)
|
38
41
|
@xml_text = res.content
|
39
|
-
return
|
40
|
-
|
42
|
+
return true
|
43
|
+
# It is bad style to rescue "all" errors. However, it turns out there is a practically
|
44
|
+
# never ending list of ways this can fail. And "any" failure is reason to rule out the address
|
41
45
|
rescue
|
42
46
|
next
|
43
47
|
end
|
44
48
|
end
|
49
|
+
return false
|
45
50
|
end
|
51
|
+
|
46
52
|
def getdomains
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
node.text
|
54
|
-
end
|
53
|
+
raise "enumumerate_autodisc not called yet" unless @xml_text
|
54
|
+
tree = Nokogiri.parse(@xml_text)
|
55
|
+
tree.xpath(
|
56
|
+
"//ad:GetFederationInformationResponseMessage/ad:Response/ad:Domains/ad:Domain",
|
57
|
+
ad: "http://schemas.microsoft.com/exchange/2010/Autodiscover"
|
58
|
+
).map(&:text)
|
55
59
|
end
|
56
60
|
|
57
61
|
private
|
62
|
+
|
63
|
+
# This is an internal class just to pass the correct structure to ERB in get_xml
|
58
64
|
class Discovery
|
59
65
|
def initialize(domain, url)
|
60
66
|
@domain = domain
|
61
67
|
@url = url
|
62
68
|
end
|
69
|
+
|
63
70
|
def get_binding
|
64
71
|
binding
|
65
72
|
end
|
66
73
|
end
|
74
|
+
|
67
75
|
def get_xml(domain, url)
|
68
|
-
|
76
|
+
path = File.dirname __dir__
|
77
|
+
template = File.read(File.join(path, "discovery.xml.erb"))
|
69
78
|
renderer = ERB.new(template)
|
70
79
|
discovery = Discovery.new(domain, url)
|
71
80
|
renderer.result(discovery.get_binding)
|
72
81
|
end
|
73
82
|
end
|
83
|
+
|
84
|
+
# This is the intended API: runs each step of the enumeration process and returns a result
|
74
85
|
class << self
|
75
86
|
def federated(domain)
|
76
87
|
e = Federation.new(domain)
|
77
88
|
e.check_redirect
|
78
|
-
e.enumerate_autodisc
|
79
|
-
|
89
|
+
if e.enumerate_autodisc
|
90
|
+
e.getdomains
|
91
|
+
else
|
92
|
+
nil
|
93
|
+
end
|
80
94
|
end
|
81
95
|
end
|
82
96
|
end
|
data/lib/azure_enum/version.rb
CHANGED