Cloud & Azure

MSOLSpray: A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

PowerZure: PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources.

SharpCloud: Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.

MicroBurst: A collection of scripts for assessing Microsoft Azure security.

ROADtools: The Azure AD exploration framework.

SkyArk: SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS.

BlobHunter: Find exposed data in Azure with this public blob scanner.

Prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

python3 -m venv venv
source venv\bin\activate
pip install prowler

Add the following roles on the Azure:

ENTRA ID

Security Reader
Global Reader

Azure Resources

Domain Services Reader
Reader

After that, run the prowler with the following command line:

prowler azure --browser-auth --tenant-id xxxxxxxxxxxx

See the results with:

prowler dashboard

PreviousActive Directory NextCommand and Control (C&C)

Last updated 1 month ago