mgeeky-Penetration-Testing-Tools/clouds/azure

Azure-related penetration testing scripts, tools and Cheatsheets

• Azure Roles - All Azure RBAC and Azure AD Role Definitions, along with their permissions associated listed in a handy markdown report.

• AzureRT - Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, easily switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more.

  Authentication & Token mechanics:

  • Get-ARTWhoami
  • Connect-ART
  • Connect-ARTAD
  • Connect-ARTADServicePrincipal
  • Get-ARTAccessTokenAzCli
  • Get-ARTAccessTokenAz
  • Get-ARTAccessTokenAzureAD
  • Get-ARTAccessTokenAzureADCached
  • Parse-JWTtokenRT
  • Remove-ARTServicePrincipalKey

  Recon and Situational Awareness:

  • Get-ARTAccess
  • Get-ARTADAccess
  • Get-ARTTenants
  • Get-ARTDangerousPermissions
  • Get-ARTADScopedRoleAssignment
  • Get-ARTResource
  • Get-ARTRolePermissions
  • Get-ARTADRolePermissions
  • Get-ARTADDynamicGroups
  • Get-ARTApplication
  • Get-ARTApplicationProxy
  • Get-ARTApplicationProxyPrincipals
  • Get-ARTRoleAssignment
  • Get-ARTStorageAccountKeys
  • Get-ARTKeyVaultSecrets
  • Get-ARTAutomationCredentials
  • Get-ARTAutomationRunbookCode
  • Get-ARTAzVMPublicIP
  • Get-ARTResourceGroupDeploymentTemplate
  • Get-ARTAzVMUserDataFromInside

  Privilege Escalation:

  • Add-ARTADGuestUser
  • Set-ARTADUserPassword
  • Add-ARTUserToGroup
  • Add-ARTUserToRole
  • Add-ARTADAppSecret

  Lateral Movement:

  • Invoke-ARTAutomationRunbook
  • Invoke-ARTRunCommand
  • Invoke-ARTCustomScriptExtension
  • Update-ARTAzVMUserData

  Misc:

  • Get-ARTTenantID
  • Get-ARTPRTToken
  • Get-ARTPRTNonce
  • Get-ARTUserId
  • Get-ARTSubscriptionId
  • Parse-JWTtokenRT
  • Invoke-ARTGETRequest
  • Import-ARTModules