def print_container_response(reply): """ Parses the HTTP reply of a brute-force attempt This function is passed into the class object so we can view results in real-time. """ # Stop brute forcing disabled accounts if 'The specified account is disabled' in reply.reason: return 'breakout' # Stop brute forcing accounts without permission if 'not authorized to perform this operation' in reply.reason: return 'breakout' # Handle other responses if reply.status_code == 404: pass elif reply.status_code == 200: utils.printc(" OPEN AZURE CONTAINER: {}\n".format(reply.url), 'green') elif 'One of the request inputs is out of range' in reply.reason: pass else: print(" Unknown status codes being received:\n" " {}: {}".format(reply.status_code, reply.reason))
def print_vm_response(hostname): """ This function is passed into the DNS brute force as a callback, so we can get real-time results. """ utils.printc( " Registered Azure Virtual Machine DNS Name: {}\n".format(hostname), 'green')
def print_bucket_response(reply): """ Parses the HTTP reply of a brute-force attempt This function is passed into the class object so we can view results in real-time. """ if reply.status_code == 404: pass elif reply.status_code == 200: utils.printc(" OPEN GOOGLE BUCKET: {}\n" .format(reply.url), 'green') elif reply.status_code == 403: utils.printc(" Protected Google Bucket: {}\n" .format(reply.url), 'orange') else: print(" Unknown status codes being received:\n" " {}: {}" .format(reply.status_code, reply.reason))
def print_s3_response(reply): """ Parses the HTTP reply of a brute-force attempt This function is passed into the class object so we can view results in real-time. """ if reply.status_code == 404: pass elif reply.status_code == 200: utils.printc(" OPEN S3 BUCKET: {}\n" .format(reply.url), 'green') elif reply.status_code == 403: utils.printc(" Protected S3 Bucket: {}\n" .format(reply.url), 'orange') elif 'Slow Down' in reply.reason: print("[!] You've been rate limited, exiting.") sys.exit() else: print(" Unknown status codes being received:\n" " {}: {}" .format(reply.status_code, reply.reason))
def print_account_response(reply): """ Parses the HTTP reply of a brute-force attempt This function is passed into the class object so we can view results in real-time. """ if reply.status_code == 404: pass elif 'The specified account is disabled' in reply.reason: utils.printc(" Disabled Storage Account: {}\n".format(reply.url), 'red') elif 'Value for one of the query' in reply.reason: utils.printc(" HTTP-OK Storage Account: {}\n".format(reply.url), 'orange') elif 'The account being accessed' in reply.reason: utils.printc(" HTTPS-Only Storage Account: {}\n".format(reply.url), 'orange') else: print(" Unknown status codes being received:\n" " {}: {}".format(reply.status_code, reply.reason))