Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rodnt/quickaz
Quickly enumerate the attack surfaces on Azure
- Host: GitHub
- URL: https://github.com/rodnt/quickaz
- Owner: rodnt
- License: apache-2.0
- Created: 2023-08-08T00:42:39.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-09T18:48:33.000Z (10 months ago)
- Last Synced: 2024-04-09T23:20:46.326Z (10 months ago)
- Topics: azure, pentest, recon, redteam
- Language: Python
- Homepage:
- Size: 376 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# **QuickAZ**
> QuickAZ: find (maybe) attack surfaces (Azure) 🚩🐍
![](static/Hello.jpeg)
```console
Usage: quickaz.py [OPTIONS] HOSTNAME╭─ Arguments ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ * hostname TEXT [default: None] [required] │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ --permutation-wordlist-path TEXT Wordlist with common names to permute while brute force blobs and others services [default: wordlists/permutation.txt] │
│ --brute-blob --no-brute-blob Enable brute force blobs [default: no-brute-blob] │
│ --brute-dev-blob --no-brute-dev-blob Enable brute force dev.azure.com/[org-id] [default: no-brute-dev-blob] │
│ --paths-wordlist-path TEXT Wordlist with common paths to discover open containers [default: wordlists/paths.txt] │
│ --regions-wordlist-path TEXT Wordlist with common regions to discover cloudpass [default: wordlists/regions.txt] │
│ --verbose --no-verbose [default: no-verbose] │
│ --emails TEXT Wordlist with emails to enumerate [default: None] │
│ --output TEXT Output folder [default: output] │
│ --enum-mails --no-enum-mails Enable enumerate emails from wordlist provided or from email generator [default: no-enum-mails] │
│ --gen-emails TEXT Email pattern to generate emails based on schemas: [email protected] or [email protected] │
│ --first-names TEXT Wordlist with firstnames to generate with gen_emails flag [default: wordlists/names/brazil_firstnames.txt] │
│ --last-names TEXT Wordlist with surname to generate with gen_emails flag [default: wordlists/names/brazil_secondname.txt] │
│ --threads TEXT Threads while enumerate emails > 2 maybe you get false positives [default: 2] │
│ --enumall --no-enumall Enumerate web,queue,files and others [default: no-enumall] │
│ --proxy TEXT Proxy to use │
│ --socks-proxy TEXT Socks proxy to use │
│ --tor --no-tor Use tor proxy [default: no-tor] │
│ --install-completion Install completion for the current shell. │
│ --show-completion Show completion for the current shell, to copy it or customize the installation. │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
```

##### TODO List :)
[https://github.com/rodnt/quickaz/blob/main/TODO.md](https://github.com/rodnt/quickaz/blob/main/TODO.md)
#### Features
- [x] Enumerate tenant
- [x] Enumerate users from a given hostname
- [x] Realm finder
- [x] Proxy Support
- [x] OpenID
- [x] Container finder
- [x] Storage finder
- [x] Find Tenant names
- [x] Find dev.azure.com/ORG names
- [x] Find OneDrive Urls
- [x] Finding open queue, dfs, files, web
- [x] Enumerate mail users o365
  - [x] Given wordlist
  - [x] Schema generator

##### Usage
- Brute force blobs
  - `python3 quickaz.py example.com --brute-blob`
- Enumerate emails on Office 365 with a list of known emails
  - `python3 quickaz.py example.com --enum-mails --emails --output example`
- Brute force all services
  - `python3 quickaz.py example --enumall --brute-blob --output example`
- Usage with proxy
  - `python3 quickaz.py example.com --enumall --output example --proxy 127.0.0.1:808`
- Help menu
  - `python3 quickaz.py --help`

##### Install
```bash
python3 -m pip install -r requirements.txt --user
```

##### Useful google dorks
GitHub:

```
"#EXT#" AND onmicrosoft.com AND lang:Shell OR lang:PowerShell
"https://" AND "blob.core.windows.net/newcontainer" AND sig
```

```console
.blob.core.windows.net
cloud.blob.core.windows.net
images.blob.core.windows.net
backup.blob.core.windows.net
backups.blob.core.windows.net
storage.blob.core.windows.net
cdn.blob.core.windows.net
assets.blob.core.windows.net
files.blob.core.windows.net
resources.blob.core.windows.net
documents.blob.core.windows.net
development.blob.core.windows.net
production.blob.core.windows.net
qa.blob.core.windows.net
prod.blob.core.windows.net
dev.blob.core.windows.net
stage.blob.core.windows.net
staging.blob.core.windows.net
web.blob.core.windows.net
website.blob.core.windows.net
test.blob.core.windows.net
```