PSCloudScanner.psm1

. "$PSScriptRoot\_functionReference.ps1";

<#
.SYNOPSIS
    Starts scanning the Azure context of the specified credentials based on user parameters. If any parameters are not specified, the module defaults to processing everything.
 
.DESCRIPTION
    Scans Azure services such as Key Vault, Active Directory, App Services and Virtual Machines for keys, secrets and certificates and outputs their associated expiry dates.
    The actual values of these items are not scanned or recorded.
 
.PARAMETER tenants
    Specifies an array of tenant ID GUIDs to scan. If tenants are specified, only the specified tenants will be processed.
    If this parameter is not specified, all tenants available to the provided credentials will be processed.
 
.PARAMETER subscriptions
    Specifies an array of subscription names or subscription ID GUIDs to scan. If subscriptions are specified, only those subscriptions are scanned, and only where they are available in the scanned tenants.
    If this parameter is not specified, all subscriptions available within each scanned tenant will be processed.
 
.PARAMETER sections
    Specifies an array of the sections of Azure to scan. If sections are specified, only the specified sections will be scanned.
    If no sections are specified, all sections will be processed by default. Call the function 'Get-ValidSection' to see the list of valid sections.
 
.PARAMETER outputs
    Specifies the output types for all the scanned data. If output types are specified, only the specified output types will be used; otherwise the output defaults to CSV files.
    To see the list of supported output types, call the function 'Get-ValidOutput'.
 
.PARAMETER outputDirectory
    Directory for all output files. If this parameter is not set, data is saved in the current user's 'Documents' folder. Ensure the PowerShell environment in use has write permission to the specified directory.
 
.PARAMETER force
    Intended for non-interactive environments. If specified, the user is not asked to confirm any action: all warnings are suppressed and the module continues running.
 
.EXAMPLE
    Run everything
    Start-CloudScan
 
.EXAMPLE
    Scan 2 specific subscriptions inside a single tenant. Then output the results as excel sheets
    Start-CloudScan -tenants 1556b4b4-fg06-4r7e-865t-125133421e6e -subscriptions 4g6bfas4-3832-41ae-8f91-dg761027ff64, 9e4rfca4-1265-43gj-8m81-fd832023330p -outputs excel
 
.Example
    Output scanned data to the "AzureData" directory on the D drive, scan only Active Directory and Key Vault, and run non-interactively.
    Start-CloudScan -outputDirectory "D:\AzureData" -sections ad,kv -force
.NOTES
    Run script in Administrator mode.
#>

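function Start-CloudScan {
    param(
        [string[]] $tenants,
        [string[]] $subscriptions,
        [string[]] $sections,
        [string[]] $outputs,
        [string] $outputDirectory,
        [switch] $force
    )

    # Banner. Get-Module returns nothing when the module was dot-sourced
    # instead of imported, so guard the version lookup rather than failing
    # on $null; @() also covers the case where several versions are loaded.
    $currentModule = Get-Module -Name PSCloudScanner
    $currentVersion = if ($currentModule) { @($currentModule.Version)[0] } else { 'unknown' }
    Write-Host "**************************************"
    Write-Host "Azure Cloud Scanner v$currentVersion"
    Write-Host " [,,[, "
    Write-Host "\\ [,' ]/ "
    Write-Host " \\ ,' ,--. ], \"
    Write-Host " \|{D, { \ ] / \"
    Write-Host " I,,' / / /||\\"
    Write-Host " ~]]; / ,] ,-//. ,---. /"
    Write-Host " \;' / ,' / _ \ / _ \ /'/"
    Write-Host " \ `' / \ `' / \ `/' /"
    Write-Host " `._-,' `._-,' `._-,'"
    Write-Host "**************************************"

    # Pre-scan setup. -force skips only the interactive confirmation of
    # unspecified parameters; module installation and global setup always run.
    if (-not $force) {
        Confirm-UnspecifiedParameter;
    }
    Install-OptionalModule;
    Set-Global;

    # Clear the session's error list so that Out-ErrorList at the end reports
    # only errors raised during this run.
    $Global:Error.Clear()

    # User login. -ErrorAction Stop turns a failed sign-in into a terminating
    # error so the catch block runs. The caught record ($_) is the same record
    # that lands in $Global:Error[0], but does not depend on global state.
    # The function returns on failure: 'break' was used here before, but a
    # 'break' outside a loop unwinds into the caller and can silently abort
    # the calling script or loop.
    try {
        $accountDetails = Add-AzureRmAccount -ErrorAction Stop;
        $loggedInUser = $accountDetails.Context.Account.Id;
        Write-Host "Logged in as: $loggedInUser" -ForegroundColor magenta
    } catch {
        Out-Error $_;
        Write-Host "Failed to authenticate. Exiting application..." -ForegroundColor magenta
        return;
    }

    # Start scan
    Get-Tenant;
    Out-Log;

    # Output all non-terminating errors collected during the scan
    Out-ErrorList;
}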

function Get-ValidSection {
    # Returns the sections that Start-CloudScan accepts, as one object whose
    # property names are the human-readable section names and whose values are
    # the short codes passed to the -sections parameter.
    $sectionMap = [ordered]@{
        "Active Directory" = "ad";
        "Key Vault"        = "kv";
        "App Services"     = "as"
    }
    [PSCustomObject]$sectionMap
}

function Get-ValidOutput {
    # Returns the output formats that Start-CloudScan accepts, as one object
    # whose property names describe the format and whose values are the short
    # codes passed to the -outputs parameter.
    $outputMap = [ordered]@{
        "MS Excel Files" = "excel";
        "CSV Files"      = "csv"
    }
    [PSCustomObject]$outputMap
}