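Function Get-ARTADRolePermissions {
<#
.SYNOPSIS
Shows Azure AD role permissions.
.DESCRIPTION
Looks up an Azure AD role definition by its display name (Get-AzureADMSRoleDefinition)
and prints every AllowedResourceActions entry of its RolePermissions as a Markdown
bullet list, preceded by a "#### <RoleName>" heading. Requires an existing AzureAD
session (Connect-AzureAD).
.PARAMETER RoleName
Display name of the Azure AD role to inspect, e.g. "Global Administrator".
.EXAMPLE
PS> Get-ARTADRolePermissions -RoleName "Global Administrator"
.NOTES
Output is written with Write-Host (not returned on the pipeline) because it is
meant to be captured as part of a Markdown report. A role that cannot be found is
reported with Write-Warning instead of silently printing an empty section.
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [String]
        $RoleName
    )

    $savedEA = $ErrorActionPreference
    try {
        # Lookups are best-effort so that one missing role does not abort a bulk dump.
        $ErrorActionPreference = 'SilentlyContinue'

        # OData string literals are single-quoted and a literal quote is escaped by
        # doubling it; a role name containing ' would otherwise break the filter.
        $filterName = $RoleName -replace "'", "''"
        $definition = Get-AzureADMSRoleDefinition -Filter "displayName eq '$filterName'"

        Write-Host "---"
        Write-Host "#### ``$RoleName``"

        if ($null -eq $definition) {
            # Under SilentlyContinue the cmdlet returns nothing rather than throwing,
            # so the catch block below never sees a failed lookup.
            Write-Warning "No Azure AD role definition found for '$RoleName'."
        }
        else {
            foreach ($permission in $definition.RolePermissions) {
                foreach ($action in $permission.AllowedResourceActions) {
                    Write-Host "- ``$action``"
                }
            }
        }
        Write-Host ""
    }
    catch {
        Write-Host "[!] Function failed!" -ForegroundColor Red
        Throw
    }
    finally {
        # Restore the caller's preference even when re-throwing.
        $ErrorActionPreference = $savedEA
    }
}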
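Function Get-ARTRolePermissions {
<#
.SYNOPSIS
Shows Azure role permissions.
.DESCRIPTION
Fetches an Azure RBAC role definition by name (Get-AzRoleDefinition) and prints its
Actions, NotActions, DataActions and NotDataActions as Markdown bullet lists under a
"#### <RoleName>" heading. Empty sections are skipped. Requires an existing Az
session (Connect-AzAccount).
.PARAMETER RoleName
Name of the RBAC role to inspect, e.g. Owner.
.EXAMPLE
PS> Get-ARTRolePermissions -RoleName Owner
.NOTES
Output is written with Write-Host (not returned on the pipeline) because it is
meant to be captured as part of a Markdown report. A role that cannot be found is
reported with Write-Warning instead of silently printing an empty section.
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [String]
        $RoleName
    )

    $savedEA = $ErrorActionPreference
    try {
        # Lookups are best-effort so that one missing role does not abort a bulk dump.
        $ErrorActionPreference = 'SilentlyContinue'

        try {
            $role = Get-AzRoleDefinition -Name $RoleName
        }
        catch {
            Write-Host "[!] Could not get Role Definition. Possibly due to lacking privileges or lack of connection."
            Throw
        }

        Write-Host "---"
        Write-Host "#### ``$RoleName``"

        if ($null -eq $role) {
            # Under SilentlyContinue a failed lookup yields $null rather than an exception.
            Write-Warning "No Azure RBAC role definition found for '$RoleName'."
        }
        else {
            # Section order is part of the report layout; keep it stable.
            foreach ($section in 'Actions', 'NotActions', 'DataActions', 'NotDataActions') {
                # @() normalises $null / single value / collection so .Count is reliable.
                $entries = @($role.$section)
                if ($entries.Count -gt 0) {
                    Write-Host "`n- ${section}:"
                    foreach ($entry in $entries) {
                        Write-Host " - ``$entry``"
                    }
                }
            }
        }
        Write-Host ""
    }
    catch {
        Write-Host "[!] Function failed!" -ForegroundColor Red
        Throw
    }
    finally {
        # Restore the caller's preference even when re-throwing.
        $ErrorActionPreference = $savedEA
    }
}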
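Function Dump-AzureRoles {
<#
.SYNOPSIS
Dumps built-in Azure RBAC roles and Azure AD role templates, with their permissions, as Markdown.
.DESCRIPTION
Signs in to Azure (Connect-AzAccount) and Azure AD (Connect-AzureAD) with one credential,
then writes a Markdown report to the host: an index table of built-in (non-custom) Azure
RBAC roles, an index table of Azure AD directory role templates, and finally the full
permission set of every listed role via Get-ARTRolePermissions and Get-ARTADRolePermissions.
.PARAMETER Credential
Credential used for both sign-ins. When omitted the user is prompted with Get-Credential,
which is the previous behaviour.
.EXAMPLE
PS> Dump-AzureRoles
.NOTES
Username/password sign-in via -Credential does not work for accounts that require MFA.
Both sign-ins use -ErrorAction Stop so a failed login aborts the dump instead of
producing a report with empty tables.
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$False)]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential) {
        $Credential = Get-Credential
    }

    # Fail fast on login errors; piping to Out-Null previously let the dump continue.
    $null = Connect-AzAccount -Credential $Credential -ErrorAction Stop
    $null = Connect-AzureAD -Credential $Credential -ErrorAction Stop

    Write-Host @"
# Synopsis
First part of this gist contains list of Azure RBAC and Azure AD roles sorted by their names.
Second part contains full definitions of each role along with their permissions assigned.
## Role Definitions
### Azure RBAC Roles
| # | RoleName | RoleDescription | RoleId |
|---|----------|-----------------|--------|
"@

    # Sort-Object rather than the 'sort' alias: on Linux/macOS pwsh that alias is not
    # defined and the call would reach the native sort binary instead.
    $azureRbacRoles = Get-AzRoleDefinition | Where-Object { $_.IsCustom -eq $false } | Sort-Object -Property Name

    $index = 0
    foreach ($role in $azureRbacRoles) {
        $index++
        Write-Host "| $index | ``$($role.Name)`` | _$($role.Description)_ | ``$($role.Id)`` |"
    }

    Write-Host @"
---
### Azure AD Roles
| # | RoleName | RoleDescription | RoleId |
|---|----------|-----------------|--------|
"@

    $azureADRoles = Get-AzureADDirectoryRoleTemplate | Sort-Object -Property DisplayName

    $index = 0
    foreach ($template in $azureADRoles) {
        $index++
        Write-Host "| $index | ``$($template.DisplayName)`` | _$($template.Description)_ | ``$($template.ObjectId)`` |"
    }

    Write-Host @"
---
## Role Permissions
This section contains detailed definitions of each role along with their assigned permissions sets.
### Azure RBAC Role Permissions
"@

    foreach ($role in $azureRbacRoles) {
        Get-ARTRolePermissions -RoleName $role.Name
    }

    Write-Host @"
---
### Azure AD Role Permissions
"@

    foreach ($template in $azureADRoles) {
        Get-ARTADRolePermissions -RoleName $template.DisplayName
    }
}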