PSCloudScanner.psm1
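# Helper functions (Confirm-UnspecifiedParameter, Install-OptionalModule, Set-Global,
# Out-Error, Get-Tenant, Out-Log) live in the dot-sourced reference file.
. "$PSScriptRoot\_functionReference.ps1"

<#
.SYNOPSIS
Starts scanning the Azure context of the specified credentials based on user parameters.
If any parameters are not specified the module defaults to processing everything.

.DESCRIPTION
Scans Azure services such as Key Vault, Active Directory, App Services and Virtual Machines
for keys, secrets and certificates and outputs their associated expiry dates.
Actual values of these items are not scanned.

.PARAMETER tenants
Specifies an array of tenant ID Guids to scan. If tenants are specified, only the specified
tenants will be processed. If the parameter is not specified all tenants available to the
provided credentials will be processed.

.PARAMETER subscriptions
Specifies an array of either subscription names or subscription ID Guids to scan. If
subscriptions are specified, only the specified subscriptions are scanned if they are
available in the specified tenants. If the parameter is not specified all subscriptions
available within a scanned tenant will be processed.

.PARAMETER sections
Specifies an array of the sections of Azure to scan. If sections are specified, only the
specified sections will be scanned. If no sections are specified all sections will be
processed by default. Call 'Get-ValidSection' to see a list of valid sections.

.PARAMETER outputs
Specifies the output types for all the scanned data. If output types are specified, only the
specified output types will be used; otherwise it defaults to CSV files. To see a list of
supported output types use 'Get-ValidOutput'.

.PARAMETER outputDirectory
Directory for all output files. If this parameter is not set, data will be saved in the
current user's 'Documents' folder. Ensure the PowerShell environment in use has write
permissions to the specified directory.

.PARAMETER force
Can be used in a non-interactive environment. When specified, the user is not asked to
confirm any actions; all warnings are suppressed and the module continues running.

.EXAMPLE
Run everything
Start-CloudScan

.EXAMPLE
Scan 2 specific subscriptions inside a single tenant, then output the results as Excel sheets.
(Sample GUIDs below are illustrative placeholders.)
Start-CloudScan -tenants 1556b4b4-fg06-4r7e-865t-125133421e6e -subscriptions 4g6bfas4-3832-41ae-8f91-dg761027ff64, 9e4rfca4-1265-43gj-8m81-fd832023330p -outputs excel

.EXAMPLE
Output scanned data to the "AzureData" directory on the D drive, scan only Active Directory
and Key Vault, and make the script non-interactive.
Start-CloudScan -outputDirectory "D:\AzureData" -sections ad,kv -force

.NOTES
Run script in Administrator mode.
#>
function Start-CloudScan {
    param(
        [string[]] $tenants,
        [string[]] $subscriptions,
        [string[]] $sections,
        [string[]] $outputs,
        [string] $outputDirectory,
        [switch] $force
    )

    Write-Host "**************************************"
    Write-Host "Azure Cloud Scanner v1.0"
    Write-Host " [,,[, "
    Write-Host "\\ [,' ]/ "
    Write-Host " \\ ,' ,--. ], \"
    Write-Host " \|{D, { \ ] / \"
    Write-Host " I,,' / / /||\\"
    Write-Host " ~]]; / ,] ,-//. ,---. /"
    Write-Host " \;' / ,' / _ \ / _ \ /'/"
    Write-Host " \ `' / \ `' / \ `/' /"
    Write-Host " `._-,' `._-,' `._-,'"
    Write-Host "**************************************"

    # Pre-scan setup. Without -force the user is asked to confirm the defaults that will
    # be applied for any parameter left unspecified.
    if (!$force) {
        Confirm-UnspecifiedParameter
    }
    Install-OptionalModule
    Set-Global

    # Clear the error collection so that Out-Error below reports only failures from this
    # login attempt. NOTE: this clears $Error for the whole session, not just this module.
    $Global:Error.Clear()

    # User login. -ErrorAction Stop turns a failed sign-in into a terminating error so the
    # catch block runs; the scan is never started with an unauthenticated context.
    try {
        $accountDetails = Add-AzureRmAccount -ErrorAction Stop
        $loggedInUser = $accountDetails.Context.Account.Id
        Write-Host "Logged in as: $loggedInUser" -ForegroundColor magenta
    } catch {
        Out-Error $Global:Error[0]
        Write-Host "Failed to authenticate. Exiting application..." -ForegroundColor magenta
        # 'return' rather than 'break': 'break' outside a loop propagates out of the
        # function and terminates the caller's enclosing loop or script instead.
        return
    }

    # Start scan
    Get-Tenant
    Out-Log
}

<#
.SYNOPSIS
Lists the Azure sections this module can scan.

.OUTPUTS
PSCustomObject whose property names are the display names and whose values are the short
codes accepted by the -sections parameter of Start-CloudScan.
#>
function Get-ValidSection {
    $validSections = [PSCustomObject]@{
        "Active Directory" = "ad"
        "Key Vault"        = "kv"
        "App Services"     = "as"
    }
    return $validSections
}

<#
.SYNOPSIS
Lists the output formats this module supports.

.OUTPUTS
PSCustomObject whose property names are the display names and whose values are the short
codes accepted by the -outputs parameter of Start-CloudScan.
#>
function Get-ValidOutput {
    $validOutputs = [PSCustomObject]@{
        "MS Excel Files" = "excel"
        "CSV Files"      = "csv"
    }
    return $validOutputs
}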