VMs audit with NMAP and PowerShell in Azure (part 1)

Introduction

Microsoft Azure has dozens of tools to manage all aspects of security in Azure. Even so, it is sometimes necessary to check for an open port and identify the virtual machine it belongs to.

This time we will use a combination of NMAP and PowerShell to scan a specified port on each running virtual machine in Azure. For added convenience and portability, we will run it from a customized Docker image.

Architecture

A container is launched by running an image. An image is an executable package that includes everything needed to run an application - the code, a runtime, libraries, environment variables, and configuration files.

A container is a runtime instance of an image - what the image becomes in memory when executed (that is, an image with state, or a user process).

This article's image is built from the PowerShell 6.0 image and uses the Az module and the NMAP package. When the container starts, it executes the 'Invoke-Audit' function from the 'main.psm1' script:

Prerequisites

Docker Engine is available for Linux (CentOS, Debian, Fedora, Oracle Linux, RHEL, SUSE, and Ubuntu) or Windows Server operating systems and is based on containerd. Docker is available in two editions - Community (CE) and Enterprise (EE). In this article we will use Docker CE running on Ubuntu 16.04 LTS. Instructions for installing Docker on Ubuntu are available here.

Implementation

  1. Download the image ('docker pull groovysky/azure-audit')
  2. Run an instance interactively ('docker run -i groovysky/azure-audit')
  3. Enter a port
  4. Authenticate to https://aka.ms/devicelogin by entering an authorization code
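
What steps 3 and 4 lead to inside the container, as an added PowerShell sketch: it is not the image's own 'Invoke-Audit' from 'main.psm1', which this page does not show. The function name Invoke-PortAudit and the output columns are hypothetical; it assumes the Az module and nmap are installed, lists VMs in the signed-in subscription, and probes only those with a public IP.

```powershell
# Added example: hypothetical Invoke-PortAudit, not the image's Invoke-Audit.
function Invoke-PortAudit {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )

    # Device-code sign-in, the flow behind https://aka.ms/devicelogin.
    Connect-AzAccount -UseDeviceAuthentication | Out-Null

    # -Status adds the PowerState property; keep only running VMs.
    $running = Get-AzVM -Status | Where-Object { $_.PowerState -eq 'VM running' }

    # Index public IP resources by Id so each NIC reference resolves locally.
    $publicIps = @{}
    Get-AzPublicIpAddress | ForEach-Object { $publicIps[$_.Id] = $_.IpAddress }

    foreach ($vm in $running) {
        foreach ($nicRef in $vm.NetworkProfile.NetworkInterfaces) {
            $nic = Get-AzNetworkInterface -ResourceId $nicRef.Id
            foreach ($cfg in $nic.IpConfigurations) {
                if (-not $cfg.PublicIpAddress) { continue }
                $ip = $publicIps[$cfg.PublicIpAddress.Id]
                # A dynamic address that is not allocated reports 'Not Assigned'.
                if (-not $ip -or $ip -eq 'Not Assigned') { continue }

                # -Pn: skip host discovery so hosts that ignore ping are still probed.
                # -oG -: grepable output written to stdout.
                $out = & nmap -Pn -p $Port -oG - $ip
                $state = 'unknown'
                if (($out -join "`n") -match "Ports:\s*$Port/([^/]+)/") {
                    $state = $Matches[1]   # open, closed or filtered
                }

                [pscustomobject]@{
                    ResourceGroup = $vm.ResourceGroupName
                    VM            = $vm.Name
                    PublicIp      = $ip
                    Port          = $Port
                    State         = $state
                }
            }
        }
    }
}

# Mirrors step 3: ask for the port, then print one row per VM public IP.
Invoke-PortAudit -Port (Read-Host 'Port to audit') | Format-Table -AutoSize
```

A state of 'filtered' usually means a network security group or firewall dropped the probe, while 'open' on a management port is the finding to follow up.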

Results

If everything went according to plan, you should see information about the scanned VMs:

Useful documentation