11.7 C
Wednesday, November 15, 2023

A Quick Enumeration Instrument For Publicly Uncovered Azure Storage Blobs

Goblob is a light-weight and quick enumeration instrument designed to help within the discovery of delicate data uncovered publicy in Azure blobs, which may be helpful for numerous analysis functions akin to vulnerability assessments, penetration testing, and reconnaissance.

Warning. Goblob will difficulty particular person goroutines for every container identify to examine in every storage account, solely restricted by the utmost variety of concurrent goroutines specified within the -goroutines flag. This implementation can exhaust bandwidth fairly rapidly usually with the default wordlist, or doubtlessly value you some huge cash in the event you’re utilizing the instrument in a cloud setting. Be sure you perceive what you might be doing earlier than working the instrument.

go set up github.com/Macmod/goblob@newest

To make use of goblob merely run the next command:

$ ./goblob <storageaccountname>

The place <storageaccountname> is the goal storage account to enumerate public Azure blob storage URLs on.

You may as well specify a listing of storage account names to examine:

$ ./goblob -accounts accounts.txt

By default, the instrument will use a listing of frequent Azure Blob Storage container names to assemble potential URLs. Nevertheless, you too can specify a customized checklist of container names utilizing the -containers possibility. For instance:

$ ./goblob -accounts accounts.txt -containers wordlists/goblob-folder-names.txt

The instrument additionally helps outputting the outcomes to a file utilizing the -output possibility:

$ ./goblob -accounts accounts.txt -containers wordlists/goblob-folder-names.txt -output outcomes.txt

If you wish to present accounts to check by way of stdin you too can omit -accounts (or the account identify) solely:

$ cat accounts.txt | ./goblob


Goblob comes bundled with fundamental wordlists that can be utilized with the -containers possibility:

Non-obligatory Flags

Goblob offers a number of flags that may be tuned as a way to enhance the enumeration course of:

  • -goroutines=N – Most variety of concurrent goroutines to permit (default: 5000).
  • -blobs=true – Report the URL of every blob as a substitute of the URL of the containers (default: false).
  • -verbose=N – Set verbosity stage (default: 1, min: 0, max: 3).
  • -maxpages=N – Most of container pages to traverse in search of blobs (default: 20, set to -1 to disable restrict or to 0 to keep away from itemizing blobs in any respect and simply examine if the container is public)
  • -timeout=N – Timeout for HTTP requests (seconds, default: 90)
  • -maxidleconns=NMaxIdleConns transport parameter for HTTP consumer (default: 100)
  • -maxidleconnsperhost=NMaxIdleConnsPerHost transport parameter for HTTP consumer (default: 10)
  • -maxconnsperhost=NMaxConnsPerHost transport parameter for HTTP consumer (default: 0)
  • -skipssl=true – Skip SSL verification (default: false)
  • -invertsearch=true – Enumerate accounts for every container as a substitute of containers for every account (default: false)

As an illustration, in the event you simply need to discover publicly uncovered containers utilizing massive lists of storage accounts and container names, you need to use -maxpages=0 to forestall the goroutines from paginating the outcomes. Then run it once more on the set of outcomes you discovered with -blobs=true and -maxpages=-1 to really get the URLs of the blobs.

If, alternatively, you need to check a small checklist of extremely popular container names towards a big set of storage accounts, you would possibly need to strive -invertsearch=true with -maxpages=0, as a way to see the general public accounts for every container identify as a substitute of the container names for every storage account.

You may additionally need to strive altering -goroutines, -timeout and -maxidleconns, -maxidleconnsperhost and -maxconnsperhost and -skipssl as a way to greatest use your bandwidth and discover outcomes sooner.

Experiment with the flags to seek out what works greatest for you 😉


A fast enumeration tool for publicly exposed Azure Storage blobs. (6)

Contributions are welcome by opening a problem or by submitting a pull request.

  • Test blob area for NXDOMAIN earlier than making an attempt wordlist to avoid wasting bandwidth (possibly)
  • Enhance default parameters for higher efficiency

An attention-grabbing visualization of in style container names present in my experiments with the instrument:

If you wish to know extra about my experiments and the topic basically, check out my article:

Latest news
Related news


Please enter your comment!
Please enter your name here