Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicly in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance.
Warning. Goblob will spawn an individual goroutine for each container name to check in each storage account, limited only by the maximum number of concurrent goroutines specified in the -goroutines flag. This implementation can exhaust bandwidth quite quickly in most cases with the default wordlist, or potentially cost you a lot of money if you're using the tool in a cloud environment. Make sure you understand what you are doing before running the tool.
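To make the warning concrete, here is an added Go example (not goblob's own code) of the pattern it describes: one goroutine per work item, gated by a semaphore channel sized like the -goroutines cap. The `boundedFanOut` function and its `work` callback are hypothetical names, and the fifty container names are constructed sample input. It records the high-water mark of simultaneously running workers, so you can see that however many items are queued, the peak never exceeds the cap; it also shows why a generous cap applied to large account and container lists keeps that many HTTP requests in flight at once, which is what saturates a link or runs up metered cloud egress.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// boundedFanOut spawns one goroutine per item, exactly as the warning
// describes, but gates them through a semaphore channel so that at most
// `limit` run at once. It returns the peak number of goroutines observed
// running simultaneously, which lets a caller confirm the cap is respected.
// `work` is a hypothetical stand-in for one container check (one HTTP request).
func boundedFanOut(items []string, limit int, work func(item string)) int64 {
	if limit < 1 {
		limit = 1
	}
	sem := make(chan struct{}, limit) // channel capacity == concurrency cap
	var wg sync.WaitGroup
	var inFlight, peak int64

	for _, it := range items {
		wg.Add(1)
		go func(item string) {
			defer wg.Done()
			sem <- struct{}{}        // block until a slot is free
			defer func() { <-sem }() // release the slot when done

			cur := atomic.AddInt64(&inFlight, 1)
			// record the high-water mark of concurrent workers
			for {
				old := atomic.LoadInt64(&peak)
				if cur <= old || atomic.CompareAndSwapInt64(&peak, old, cur) {
					break
				}
			}
			work(item)
			atomic.AddInt64(&inFlight, -1)
		}(it)
	}
	wg.Wait()
	return atomic.LoadInt64(&peak)
}

func main() {
	// constructed sample: 50 container names, cap of 8 concurrent checks
	items := make([]string, 50)
	for i := range items {
		items[i] = fmt.Sprintf("container-%02d", i)
	}
	peak := boundedFanOut(items, 8, func(item string) {
		time.Sleep(time.Millisecond) // stand-in for one HTTP request
	})
	fmt.Printf("peak concurrency observed: %d (cap 8)\n", peak)
}
```

The semaphore is the only thing standing between the wordlist size and the number of open connections; with the cap raised and a wordlist of thousands of names, the in-flight request count tracks the cap, not the network's capacity.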
go install github.com/Macmod/goblob@latest
To use goblob simply run the following command:
$ ./goblob <storageaccountname>
Here <storageaccountname> is the target storage account on which to enumerate public Azure blob storage URLs.
You can also specify a list of storage account names to check:
$ ./goblob -accounts accounts.txt
By default, the tool will use a list of common Azure Blob Storage container names to construct potential URLs. However, you can also specify a custom list of container names using the -containers option. For example:
$ ./goblob -accounts accounts.txt -containers wordlists/goblob-folder-names.txt
The tool also supports writing the results to a file using the -output option:
$ ./goblob -accounts accounts.txt -containers wordlists/goblob-folder-names.txt -output results.txt
If you want to provide the accounts to test via stdin, you can also omit -accounts (or the account name) entirely:
$ cat accounts.txt | ./goblob
Goblob comes bundled with basic wordlists that can be used with the -containers option.
Goblob provides several flags that can be tuned in order to improve the enumeration process:
- -goroutines=N – Maximum number of concurrent goroutines to allow (default:
- -blobs=true – Report the URL of each blob instead of the URL of the containers (default:
- -verbose=N – Set verbosity level (default:
- -maxpages=N – Maximum number of container pages to traverse looking for blobs (default: 20, set to -1 to disable the limit or to 0 to avoid listing blobs at all and just check whether the container is public)
- -timeout=N – Timeout for HTTP requests (seconds, default:
- MaxIdleConns transport parameter for the HTTP client (default:
- MaxIdleConnsPerHost transport parameter for the HTTP client (default:
- MaxConnsPerHost transport parameter for the HTTP client (default:
- -skipssl=true – Skip SSL verification (default:
- -invertsearch=true – Enumerate accounts for each container instead of containers for each account (default:
For instance, if you just want to find publicly exposed containers using large lists of storage accounts and container names, you should use -maxpages=0 to prevent the goroutines from paginating the results. Then run the tool again on the set of results you found with -maxpages=-1 to actually get the URLs of the blobs.
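The -maxpages values above map onto how Azure pages a public container listing: each response to a list request carries a NextMarker that must be sent back to retrieve the next page, so every extra page is another request per container. The Go example below is added here and is not part of goblob; it walks canned listing pages with the three semantics described (0 = one probe request, report public or not, list nothing; -1 = follow NextMarker until the listing ends; N = at most N pages). `walkContainer`, `fetchFunc`, `cannedFetch`, `privateFetch` and the two-page `cannedPages` fixture are constructed for illustration, including the marker strings and blob names; the XML shape follows the Azure List Blobs response (`EnumerationResults` containing `Blobs`/`Blob`/`Name` and `NextMarker`). The same walk is what an account owner can run against their own containers to confirm that anonymous listing is refused (a non-200 status on the first request).

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// listing mirrors the parts of an Azure Blob "List Blobs" response
// (?restype=container&comp=list) that matter for pagination.
type listing struct {
	Blobs []struct {
		Name string `xml:"Name"`
	} `xml:"Blobs>Blob"`
	NextMarker string `xml:"NextMarker"`
}

// page is one HTTP response from a container: status code and body.
type page struct {
	status int
	body   []byte
}

// fetchFunc returns the listing page for a given continuation marker.
// It is a hypothetical seam so the walk can run offline against canned pages.
type fetchFunc func(marker string) (page, error)

// walkContainer applies the -maxpages semantics:
//   maxPages == 0  -> one request, report whether the container is public, list nothing
//   maxPages == -1 -> follow NextMarker until the listing ends
//   maxPages  > 0  -> follow at most that many pages
func walkContainer(fetch fetchFunc, maxPages int) (bool, []string, error) {
	var blobs []string
	marker := ""
	for pages := 0; ; pages++ {
		p, err := fetch(marker)
		if err != nil {
			return false, nil, err
		}
		if p.status != 200 {
			// anonymous listing refused: container is not publicly listable
			return false, nil, nil
		}
		if maxPages == 0 {
			return true, nil, nil // probe only, no listing
		}
		var l listing
		if err := xml.Unmarshal(p.body, &l); err != nil {
			return true, blobs, fmt.Errorf("parse page %d: %w", pages, err)
		}
		for _, b := range l.Blobs {
			blobs = append(blobs, b.Name)
		}
		if l.NextMarker == "" {
			return true, blobs, nil // last page reached
		}
		if maxPages > 0 && pages+1 >= maxPages {
			return true, blobs, nil // page budget spent
		}
		marker = l.NextMarker
	}
}

// cannedPages is a constructed two-page listing of a public container;
// the marker value and blob names are made up for this example.
var cannedPages = map[string]page{
	"": {200, []byte(`<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://example.blob.core.windows.net/" ContainerName="public-docs">
  <Blobs>
    <Blob><Name>report-q1.pdf</Name></Blob>
    <Blob><Name>logo.png</Name></Blob>
  </Blobs>
  <NextMarker>2!marker!page2</NextMarker>
</EnumerationResults>`)},
	"2!marker!page2": {200, []byte(`<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://example.blob.core.windows.net/" ContainerName="public-docs">
  <Blobs>
    <Blob><Name>notes.txt</Name></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>`)},
}

func cannedFetch(marker string) (page, error) {
	p, ok := cannedPages[marker]
	if !ok {
		return page{}, fmt.Errorf("unknown marker %q", marker)
	}
	return p, nil
}

// privateFetch models a container whose anonymous listing is refused.
func privateFetch(string) (page, error) { return page{404, nil}, nil }

func main() {
	for _, mp := range []int{0, 1, -1} {
		public, blobs, err := walkContainer(cannedFetch, mp)
		fmt.Printf("maxpages=%d public=%v blobs=%v err=%v\n", mp, public, blobs, err)
	}
	public, _, _ := walkContainer(privateFetch, -1)
	fmt.Printf("private container reported public=%v\n", public)
}
```

With maxpages=0 only the first request is made, which is why it is the cheap pass for large lists; -1 keeps following NextMarker for as long as the container hands one back.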
If, on the other hand, you want to test a small list of very popular container names against a large set of storage accounts, you might want to try -invertsearch=true together with -maxpages=0, in order to see the public accounts for each container name instead of the container names for each storage account.
You may also want to try changing -skipssl in order to make the best use of your bandwidth and find results faster.
Experiment with the flags to find what works best for you 😉
- Check the blob domain for NXDOMAIN before trying the wordlist, to save bandwidth (maybe)
- Improve the default parameters for better performance
An interesting visualization of popular container names found in my experiments with the tool:
If you want to know more about my experiments and the subject in general, take a look at my article: