Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-11-04 13:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
316296e5bf874965ee7520dfb70fa14a000e3a1c
mgeeky-Penetration-Testing-…/clouds/azure
History
mgeeky 316296e5bf Added Azure Roles.
2022-01-25 12:45:14 +01:00
..
Azure Roles
Added Azure Roles.
2022-01-25 12:45:14 +01:00
AzureRT @ c194618294
Updated AzureRT
2022-01-25 12:19:14 +01:00
README.md
Updated AzureRT
2022-01-25 12:43:09 +01:00

README.md

Azure-related penetration testing scripts, tools and Cheatsheets

  • Azure Roles - All Azure RBAC and Azure AD Role Definitions, along with their permissions associated listed in a handy markdown report.

  • AzureRT - Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, easily switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more.

    Authentication & Token mechanics:

    • Get-ARTWhoami
    • Connect-ART
    • Connect-ARTAD
    • Connect-ARTADServicePrincipal
    • Get-ARTAccessTokenAzCli
    • Get-ARTAccessTokenAz
    • Get-ARTAccessTokenAzureAD
    • Parse-JWTtokenRT
    • Remove-ARTServicePrincipalKey

    Recon and Situational Awareness:

    • Get-ARTAccess
    • Get-ARTADAccess
    • Get-ARTResource
    • Get-ARTRolePermissions
    • Get-ARTADRolePermissions
    • Get-ARTRoleAssignment
    • Get-ARTKeyVaultSecrets
    • Get-ARTAutomationRunbookCode

    Privilege Escalation:

    • Add-ARTUserToGroup
    • Add-ARTUserToRole
    • Add-ARTADAppSecret

    Lateral Movement:

    • Invoke-ARTAutomationRunbook

    Misc:

    • Get-ARTUserId
    • Parse-JWTtokenRT
    • Invoke-ARTGETRequest