2 minutes
Getting Microburst working on Linux
TL;DR
Install this Resolve-DnsName Port and hammer these 2 commands in your Microburst folder:
sed -i 's/Resolve-DnsName \$lookup -ErrorAction Stop -Verbose:\$false/Resolve-DnsName \$lookup -Verbose:\$false -DnsOnly -ErrorAction SilentlyContinue/g' Misc/*.ps1
sed -i 's/\$lookupResult -ne ""/\$lookupResult -ne \$null/g' Misc/*.ps1
Now, onto to the troubleshoot!
Troubleshoot
Microburst uses the Resolve-DnsName cmdlet to resolve the hosts. The Resolve-DnsName cmdlet is windows only. However, there is a port of Resolve-DnsName based on dig that is cross-platform that you can install on your linux machine.
Install Port
https://github.com/rhymeswithmogul/Resolve-DnsNameCrossPlatform
git clone https://github.com/rhymeswithmogul/Resolve-DnsNameCrossPlatform.git
Install-Module ./Resolve-DnsNameCrossPlatform/Resolve-DnsNameCrossPlatform.psd1
Broken behaviour
Microburst is matching every domain it permutates as a valid one.
Let’s investigate a bit and look for where this cmdlet is used in the script:
grep -r Resolve-DnsName
It is used in 2 files:
- Invoke-EnumerateAzureSubDomains.ps1
- Invoke-EnumerateAzureBlobs.ps1
The Problem
There are 2, actually.
First Problem
In the following code snippet, our Resolve-DnsName port is not successfully resolving the host.
try{($lookupResult = Resolve-DnsName $lookup -Verbose:$false -DnsOnly -ErrorAction SilentlyContinue | select Name | Select-Object -First 1)|Out-Null}catch{}
It errors out with the error:
ForEach-Object: Cannot find an overload for "new" and the argument count: "1".
We can fix this by changing the flag -ErrorAction Stop to -ErrorAction SilentlyContinue and it will resolve the host fine.
Second Problem
The second problem is that the Resolve-DnsName is not returning "" when it fails to resolve a host, it returns $null.
So this condition in the script is never going to work as $lookupResult will have the value $null when it fails to resolve. This will match every failed dns query, which is the opposite of what we want.
if ($lookupResult -ne ""){
Write-Verbose "Found $lookup"; $runningList += $lookup; $TempTbl.Rows.Add([string]$lookup,[string]$subLookup[$_]) | Out-Null
}
We can fix it by swapping that "" to $null.
Fixing the script
Changing the -ErrorAction flag
sed -i 's/Resolve-DnsName \$lookup -ErrorAction Stop -Verbose:\$false/Resolve-DnsName \$lookup -Verbose:\$false -DnsOnly -ErrorAction SilentlyContinue/g' Misc/*.ps1
Swapping "" to $null
sed -i 's/\$lookupResult -ne ""/\$lookupResult -ne \$null/g' Misc/*.ps1
In the end it should look like this
try{($lookupResult = Resolve-DnsName $lookup -Verbose:$false -DnsOnly -ErrorAction SilentlyContinue | select Name | Select-Object -First 1)|Out-Null}catch{}
if ($lookupResult -ne $null){
Write-Verbose "Found $lookup"; $runningList += $lookup; $TempTbl.Rows.Add([string]$lookup,[string]$subLookup[$_]) | Out-Null
}