Merge pull request #918 from blacklanternsecurity/fix-azure-tenant

Don't emit empty AZURE_TENANT events
blacklanternsecurity · Dec 20, 2023 · 850a97c · 850a97c
2 parents 9ca8e27 + db94040
commit 850a97c
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/bbot/modules/azure_tenant.py b/bbot/modules/azure_tenant.py
@@ -32,19 +32,19 @@ async def handle_event(self, event):
         tenant_names = set()
         if domains:
             self.verbose(f'Found {len(domains):,} domains under tenant for "{query}": {", ".join(sorted(domains))}')
-        for domain in domains:
-            if domain != query:
-                self.emit_event(domain, "DNS_NAME", source=event, tags=["affiliate", "azure-tenant"])
-                # tenant names
-                if domain.lower().endswith(".onmicrosoft.com"):
-                    tenantname = domain.split(".")[0].lower()
-                    if tenantname:
-                        tenant_names.add(tenantname)
-
-        event_data = {"tenant-names": sorted(tenant_names), "domains": sorted(domains)}
-        if tenant_id is not None:
-            event_data["tenant-id"] = tenant_id
-        self.emit_event(event_data, "AZURE_TENANT", source=event)
+            for domain in domains:
+                if domain != query:
+                    self.emit_event(domain, "DNS_NAME", source=event, tags=["affiliate", "azure-tenant"])
+                    # tenant names
+                    if domain.lower().endswith(".onmicrosoft.com"):
+                        tenantname = domain.split(".")[0].lower()
+                        if tenantname:
+                            tenant_names.add(tenantname)
+
+            event_data = {"tenant-names": sorted(tenant_names), "domains": sorted(domains)}
+            if tenant_id is not None:
+                event_data["tenant-id"] = tenant_id
+            self.emit_event(event_data, "AZURE_TENANT", source=event)
 
     async def query(self, domain):
         url = f"{self.base_url}/autodiscover/autodiscover.svc"