Open sfunkernw opened 2 years ago
Not only Azure, but any S3 provider - for example wasabi, Digital Ocean, etc.
To add support for scanning Azure Storage Account Blob Containers with TruffleHog, here's a solution you can implement:
Use Azure CLI or PowerShell for automation: Instead of manually downloading blob contents, automate the process using Azure CLI or PowerShell. You can list and manage blob containers, and retrieve their properties and metadata using these tools.
Generate a Shared Access Signature (SAS): Generate a SAS token to provide secure, temporary access to your blob storage. This allows TruffleHog to access the blob contents without exposing your account key. Be sure to set appropriate permissions and expiry times to ensure security.
Set up a script: Create a script to iterate through your blob containers, download the contents to a local directory, and run TruffleHog on the downloaded data. This can be done using a combination of Azure CLI commands and a scripting language like Bash or Python.
Here's a basic outline of the steps you would follow:
```bash
# List the containers in the storage account
az storage container list --account-name <your-storage-account> --auth-mode key
# Generate a read/list SAS token for one container
az storage container generate-sas --account-name <your-storage-account> --name <container-name> --permissions lr --expiry <expiry-date>
# Download the container's blobs using the SAS token
az storage blob download-batch --source <container-name> --destination <local-path> --account-name <your-storage-account> --sas-token <sas-token>
# Scan the downloaded files
trufflehog filesystem <local-path>
```

```powershell
$context = New-AzStorageContext -StorageAccountName <your-storage-account> -UseConnectedAccount
$containers = Get-AzStorageContainer -Context $context
$sas = New-AzStorageContainerSASToken -Name <container-name> -Context $context -Permission r -ExpiryTime (Get-Date).AddDays(1)
# Get-AzStorageBlobContent has no -SASToken parameter; the SAS is passed through a storage context
$sasContext = New-AzStorageContext -StorageAccountName <your-storage-account> -SasToken $sas
Get-AzStorageBlobContent -Container <container-name> -Blob <blob-name> -Destination <local-path> -Context $sasContext
trufflehog filesystem <local-path>
```
By automating these steps, you can efficiently scan Azure Blob Storage with TruffleHog without manually downloading each blob. For more detailed guidance, you can refer to the Azure documentation and TruffleHog's GitHub page.
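The script outlined in the comment above, written out as an added example (not code from the original post or from the TruffleHog project). It swaps the comment's `--auth-mode key` for `--auth-mode login` with `--as-user`, so the SAS is signed with a user delegation key instead of the account key. It assumes a signed-in `az` session with a data-plane role on the account and a `date` that accepts `-d @<epoch>`; the file name `scan-blobs.sh` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: scan every blob container in a storage account with TruffleHog.
# Assumes az (already logged in) and trufflehog are on PATH.

# Print the account's container names, one per line.
list_containers() {
  az storage container list --account-name "$1" --auth-mode login \
    --query '[].name' --output tsv
}

# Print a read+list, HTTPS-only SAS for one container that expires in one hour.
container_sas() {
  expiry=$(date -u -d "@$(($(date +%s) + 3600))" '+%Y-%m-%dT%H:%MZ')
  az storage container generate-sas --account-name "$1" --name "$2" \
    --permissions lr --expiry "$expiry" --https-only \
    --auth-mode login --as-user --output tsv
}

# Download each container into a private temp dir, scan it, delete the copy.
# Returns 1 if listing failed or any container could not be fetched or scanned.
scan_account() {
  account=$1 failed=0
  containers=$(list_containers "$account") || return 1
  workdir=$(mktemp -d) || return 1
  chmod 700 "$workdir"
  for c in $containers; do   # names are limited to [a-z0-9-], so splitting is safe
    mkdir -p "$workdir/$c"
    if sas=$(container_sas "$account" "$c") &&
       az storage blob download-batch --source "$c" --destination "$workdir/$c" \
         --account-name "$account" --sas-token "$sas" --output none &&
       trufflehog filesystem "$workdir/$c"; then
      echo "scanned: $c" >&2
    else
      echo "FAILED: $c" >&2
      failed=1
    fi
    rm -rf -- "${workdir:?}/$c"   # downloaded blobs may contain live secrets
  done
  rm -rf -- "$workdir"
  return "$failed"
}

# Entry point: ./scan-blobs.sh <storage-account>
if [ $# -ge 1 ]; then
  scan_account "$1"
fi
```

The per-container cleanup keeps at most one container's contents on disk at a time, which matters because the downloaded copy is itself a store of whatever secrets the scan is looking for.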
Feature Request
In addition to the AWS S3 bucket scanning mode, it would be great if TruffleHog would also support the same for Azure Cloud's Storage Account Blob Container.
Problem to be Addressed
It's tedious to download all the Azure Storage Account Blob container contents manually to run TruffleHog on it.