feat: Enhance Office365 tenant analysis with third-party Azure AD Tools API

- Added functionality to query ai.moda's Azure AD Tools API using the tenant ID extracted from the OpenID configuration.
- Now retrieves and displays additional tenant information such as Display Name and Federation Brand Name.
- Improved error handling and logging for cases where the OpenID configuration or Azure AD Tools API request fails.
David Manouchehri 2024-11-13 16:00:37 +00:00
parent 0489be1e7d
commit c4261551fe


@ -2823,6 +2823,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
self.addSecurityAppliance('Office365') self.addSecurityAppliance('Office365')
try: try:
# First get the tenant ID via OpenID config
r = requests.get(f'https://login.microsoftonline.com/{value}/.well-known/openid-configuration') r = requests.get(f'https://login.microsoftonline.com/{value}/.well-known/openid-configuration')
out = r.json() out = r.json()
@ -2830,11 +2831,23 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
m = out['error'] m = out['error']
return [] return []
result += '\n - Organization disclosed in "X-OriginatorOrg" is a valid Office 365 Tenant:\n' # Extract tenant ID from token endpoint
tid = out['token_endpoint'].replace('https://login.microsoftonline.com/', '') tid = out['token_endpoint'].replace('https://login.microsoftonline.com/', '')
tid = tid.replace('/oauth2/token', '') tid = tid.replace('/oauth2/token', '')
# Now query ai.moda's Azure AD Tools API with the tenant ID
r2 = requests.get(f'https://azure-ad-tools.ai.moda/api/v1.0.0/lookup-by-tenant-id/{tid}')
out2 = r2.json()
result += '\n - Organization disclosed in "X-OriginatorOrg" is a valid Office 365 Tenant:\n'
result += '\t- Office365 Tenant ID: ' + self.logger.colored(tid, 'green') + '\n' result += '\t- Office365 Tenant ID: ' + self.logger.colored(tid, 'green') + '\n'
if 'displayName' in out2:
result += f'\t- Display Name: {self.logger.colored(out2["displayName"], "green")}\n'
if 'federationBrandName' in out2 and out2['federationBrandName']:
result += f'\t- Federation Brand Name: {self.logger.colored(out2["federationBrandName"], "green")}\n'
tmp = '' tmp = ''
num0 = 0 num0 = 0
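Review bot: The new lookup `r2 = requests.get(f'https://azure-ad-tools.ai.moda/...{tid}')` has no timeout and no status check, and it now runs before the `result +=` lines that report the tenant. A slow, failing or non-JSON third-party response can therefore stall the analysis or drop the tenant ID output that the Microsoft lookup alone used to produce; the enclosing `try`'s handler is outside this hunk, so the exact fallback is not visible. I would append the tenant lines first and give the lookup its own nested `try`, with `r2 = requests.get(..., timeout=10)` and `out2 = r2.json() if r2.ok else {}`. The call also sends the tenant ID of the mail under analysis to a third-party service, which deserves a comment and ideally an opt-in switch. Since `tid` is cut out of `token_endpoint` by string replacement, it should be checked to have the GUID form before it is placed in the URL path.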