A collection of offensive tools targeting Microsoft Azure, written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality.
./Device_Code/device_code_easy_mode.py
- Generates a code to be entered by the target user
- Can be used for general token generation or during a phishing/social engineering campaign.
./Access_Tokens/token_juggle.py
- Takes in a refresh token in various ways and retrieves a new refresh token and an access token for the resource specified
./Access_Tokens/read_token.py
- Takes in an access token and parses the included claims information, checks for expiration, attempts to validate signature
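The claim parsing and expiration check described for read_token.py can be illustrated with the following added example, which is not code from the offensive-azure repository. The function names and the sample token are constructed for illustration, and signature validation is deliberately left out, so the output describes what a token claims rather than proving it is authentic.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (JWTs strip '=' padding) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def inspect_token(token, now=None):
    """Summarise a JWT's header and claims. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    now = int(time.time()) if now is None else now
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)):
        status = "no-exp"  # lifetime cannot be judged without an exp claim
    elif now >= exp:
        status = "expired"
    elif isinstance(nbf, (int, float)) and now < nbf:
        status = "not-yet-valid"
    else:
        status = "valid"
    return {
        "alg": header.get("alg"),
        "audience": claims.get("aud"),
        "tenant": claims.get("tid"),
        "user": claims.get("upn") or claims.get("sub"),
        "scopes": str(claims.get("scp", "")).split(),
        "status": status,
        "seconds_left": int(exp - now) if status == "valid" else 0,
    }


def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo; the third segment is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "ZHVtbXk"])


if __name__ == "__main__":
    sample = make_sample_token({"aud": "https://graph.microsoft.com",
                                "tid": "00000000-0000-0000-0000-000000000000",
                                "upn": "alice@example.com", "scp": "User.Read",
                                "nbf": 1700000000, "exp": 1700003600})
    print(inspect_token(sample, now=1700000100))
```

When triaging a token recovered during an investigation, the audience, scopes and remaining lifetime show which resource it was issued for and how long it stays usable.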
./Outsider_Recon/outsider_recon.py
- Takes in a domain and enumerates as much information as possible about the tenant without requiring authentication
./User_Enum/user_enum.py
- Takes in a username or list of usernames and attempts to enumerate valid accounts using one of three methods
- Can also be used to perform a password spray
./Azure_AD/get_tenant.py
- Takes in an access token or refresh token, outputs tenant ID and tenant Name
- Creates text output file as well as BloodHound compatible aztenant file
./Azure_AD/get_users.py
- Takes in an access token or refresh token, outputs all users in Azure AD and all available user properties in Microsoft Graph
- Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azusers file
./Azure_AD/get_groups.py
- Takes in an access token or refresh token, outputs all groups in Azure AD and all available group properties in Microsoft Graph
- Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
./Azure_AD/get_group_members.py
- Takes in an access token or refresh token, outputs all group memberships in Azure AD and all available group member properties in Microsoft Graph
- Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
./Azure_AD/get_subscriptions.py
- Takes in an ARM token or refresh token, outputs all subscriptions in Azure and all available subscription properties in Azure Resource Manager
- Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
./Azure_AD/get_resource_groups.py
- Takes in an ARM token or refresh token, outputs all resource groups in Azure and all available resource group properties in Azure Resource Manager
- Creates two data files, a raw json file, and a BloodHound compatible azgroups file
./Azure_AD/get_vms.py
- Takes in an ARM token or refresh token, outputs all virtual machines in Azure and all available VM properties in Azure Resource Manager
- Creates two data files, a raw json file, and a BloodHound compatible azgroups file
Offensive Azure can be installed in a number of ways or not at all.
You're welcome to clone the repository and execute the specific scripts you want. A requirements.txt file is included for each module to make this as easy as possible.
Poetry
The project is built to work with poetry. To use, follow the next few steps:
git clone https://github.com/blacklanternsecurity/offensive-azure.git
cd ./offensive-azure
poetry install
Pip
The packaged version of the repo is also kept on pypi, so you can use pip to install as well. We recommend you use pipenv to keep your environment as clean as possible.
pipenv shell
pip install offensive_azure
It is up to you how you wish to use this toolkit. Each module can be run independently, or you can install it as a package and use it in that way. Each module is exported to a script named the same as the module file. For example:
Poetry
poetry install
poetry run outsider_recon your-domain.com
Pip
pipenv shell
pip install offensive_azure
outsider_recon your-domain.com