
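Function Get-ARTADRolePermissions {
<#
.SYNOPSIS
Shows Azure AD role permissions.
.DESCRIPTION
Displays all granted permissions (the AllowedResourceActions of every
RolePermissions entry) on a specified Azure AD role, as a markdown list written
with Write-Host. Requires an existing Connect-AzureAD session.
.PARAMETER RoleName
Display name of the role to inspect. Single quotes in the value are escaped
before it is interpolated into the OData filter, so the name cannot break or
rewrite the query.
.EXAMPLE
PS> Get-ARTADRolePermissions -RoleName "Global Administrator"
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [String]
        $RoleName
    )
    try {
        $EA = $ErrorActionPreference
        $ErrorActionPreference = 'silentlycontinue'

        Write-Host @"
---
#### ``$RoleName``
"@
        # OData string literals escape a single quote by doubling it. Without this a
        # name containing ' produces a malformed filter, and since the value comes
        # straight from the caller it could otherwise alter the query itself.
        $escapedName = $RoleName -replace "'", "''"
        $definitions = Get-AzureADMSRoleDefinition -Filter "displayName eq '$escapedName'"

        # With SilentlyContinue a failed lookup (no session, insufficient rights,
        # unknown role) yields $null instead of an error; say so rather than
        # silently printing a heading with no permissions under it.
        if (-not $definitions) {
            Write-Host "[!] Could not get Azure AD Role Definition for '$RoleName'. Possibly due to lacking privileges, lack of connection or no such role."
        }
        else {
            $definitions | ForEach-Object {
                $_.RolePermissions | ForEach-Object {
                    $_.AllowedResourceActions | ForEach-Object {
                        Write-Host "- ``$_``"
                    }
                }
            }
        }
        Write-Host ""
    }
    catch {
        Write-Host "[!] Function failed!" -ForegroundColor Red
        # Re-throw so the caller sees the original error; a Return after Throw
        # (as in the earlier version) is unreachable.
        Throw
    }
    finally {
        $ErrorActionPreference = $EA
    }
}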
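Function Get-ARTRolePermissions {
<#
.SYNOPSIS
Shows Azure role permissions.
.DESCRIPTION
Displays all granted permissions on a specified Azure RBAC role: its Actions,
NotActions, DataActions and NotDataActions, each as a markdown sub-list written
with Write-Host (empty lists are skipped). Requires an existing Connect-AzAccount
context.
.PARAMETER RoleName
Name of the role to inspect, as matched by Get-AzRoleDefinition -Name.
.EXAMPLE
PS> Get-ARTRolePermissions -RoleName Owner
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [String]
        $RoleName
    )
    try {
        $EA = $ErrorActionPreference
        $ErrorActionPreference = 'silentlycontinue'
        try {
            # -ErrorAction Stop: with the preference set to SilentlyContinue above a
            # non-terminating error from the cmdlet would never reach this catch and
            # would simply leave $role empty.
            $role = Get-AzRoleDefinition -Name $RoleName -ErrorAction Stop
        }
        catch {
            Write-Host "[!] Could not get Role Definition. Possibly due to lacking privileges or lack of connection."
            Return
        }
        if (-not $role) {
            # No error, but no definition either (e.g. a misspelled role name).
            Write-Host "[!] No Role Definition named '$RoleName' was returned."
            Return
        }
        Write-Host @"
---
#### ``$RoleName``
"@
        # All four permission lists share one layout; nulls are dropped so an
        # unset property does not count as a one-element list.
        foreach ($section in 'Actions', 'NotActions', 'DataActions', 'NotDataActions') {
            $entries = @($role.$section | Where-Object { $null -ne $_ })
            if ($entries.Count -gt 0) {
                Write-Host "`n- ${section}:"
                $entries | ForEach-Object {
                    Write-Host " - ``$($_)``"
                }
            }
        }
        Write-Host ""
    }
    catch {
        Write-Host "[!] Function failed!" -ForegroundColor Red
        # Re-throw so the caller sees the original error; a Return after Throw
        # (as in the earlier version) is unreachable.
        Throw
    }
    finally {
        $ErrorActionPreference = $EA
    }
}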
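Function Dump-AzureRoles {
<#
.SYNOPSIS
Dumps Azure RBAC and Azure AD roles with their permissions as a markdown report.
.DESCRIPTION
Signs in to Azure (Az module) and Azure AD (AzureAD module) with a single
credential, then writes to the host, in markdown:
  1. a table of built-in Azure RBAC roles (custom roles, IsCustom -eq $true, are
     skipped) and a table of Azure AD role templates, both sorted by name;
  2. the full permission set of every listed role, via Get-ARTRolePermissions and
     Get-ARTADRolePermissions defined in this file.
The RoleId column of the Azure AD table is the ObjectId of the role template
returned by Get-AzureADDirectoryRoleTemplate.
Everything is emitted with Write-Host. On PowerShell 5.0 and later that goes to
the information stream, so redirect it to keep the report in a file, e.g.
`Dump-AzureRoles 6>&1 | Out-File azure-roles.md`.
.PARAMETER Credential
Credential used for both sign-ins. Omit it to be prompted by Get-Credential
(the original behaviour). This is a username/password sign-in, so it is not
expected to work for accounts that require MFA or interactive consent.
.EXAMPLE
PS> Dump-AzureRoles
.EXAMPLE
PS> Dump-AzureRoles -Credential (Get-Credential) 6>&1 | Out-File azure-roles.md
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$False)]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if (-not $Credential) {
        $Credential = Get-Credential
        # Get-Credential returns nothing when the prompt is cancelled.
        if (-not $Credential) {
            Write-Host "[!] No credential supplied, aborting." -ForegroundColor Red
            Return
        }
    }

    # Abort on a failed sign-in instead of carrying on: every lookup below needs
    # both sessions, and without this check a bad password or a blocked account
    # would just produce a report with empty tables.
    try {
        Connect-AzAccount -Credential $Credential -ErrorAction Stop | Out-Null
        Connect-AzureAD -Credential $Credential -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Host "[!] Could not sign in to Azure / Azure AD: $($_.Exception.Message)" -ForegroundColor Red
        Return
    }

    Write-Host @"
# Synopsis
First part of this gist contains list of Azure RBAC and Azure AD roles sorted by their names.
Second part contains full definitions of each role along with their permissions assigned.
## Role Definitions
### Azure RBAC Roles
| # | RoleName | RoleDescription | RoleId |
|---|----------|-----------------|--------|
"@
    # Built-in roles only; custom roles are deliberately left out of the report.
    $rbacRoles = @(Get-AzRoleDefinition | Where-Object { $_.IsCustom -eq $false } | Sort-Object -Property Name)
    $index = 0
    foreach ($rbacRole in $rbacRoles) {
        $index += 1
        Write-Host "| $index | ``$($rbacRole.Name)`` | _$($rbacRole.Description)_ | ``$($rbacRole.Id)`` |"
    }

    Write-Host @"
---
### Azure AD Roles
| # | RoleName | RoleDescription | RoleId |
|---|----------|-----------------|--------|
"@
    $adRoles = @(Get-AzureADDirectoryRoleTemplate | Sort-Object -Property DisplayName)
    $index = 0
    foreach ($adRole in $adRoles) {
        $index += 1
        Write-Host "| $index | ``$($adRole.DisplayName)`` | _$($adRole.Description)_ | ``$($adRole.ObjectId)`` |"
    }

    Write-Host @"
---
## Role Permissions
This section contains detailed definitions of each role along with their assigned permissions sets.
### Azure RBAC Role Permissions
"@
    foreach ($rbacRole in $rbacRoles) {
        Get-ARTRolePermissions -RoleName $rbacRole.Name
    }

    Write-Host @"
---
### Azure AD Role Permissions
"@
    foreach ($adRole in $adRoles) {
        Get-ARTADRolePermissions -RoleName $adRole.DisplayName
    }
}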