azucar: Security auditing tool for Azure environments
Azucar is a multi-threaded, plugin-based tool that helps assess the security of an Azure cloud subscription. Using the Azure API, Azucar automatically gathers a variety of configuration data and analyses all data relating to a particular subscription in order to determine security risks.
The script will not change or modify any asset deployed in the Azure subscription.
Features
- Return a number of attributes on computers, users, groups, contacts, events, etc… from an Azure Active Directory
- Search for high-level accounts in an Azure tenant, including Azure Active Directory, classic administrators and Directory Roles (RBAC)
- Multi-Threading support
- Plugin Support
- The following assets are supported by Azucar:
  - Azure SQL Databases, including MySQL and PostgreSQL databases
  - Azure Active Directory
  - Storage Accounts
  - Classic Virtual Machines
  - Virtual Machines V2
  - Security Status
  - Security Policies
  - Role Assignments (RBAC)
  - Missing Security Patches
  - Missing Security Baseline
  - Web Application Firewall
  - Network Security Groups
  - Classic Endpoints
  - Azure Security Alerts
  - Azure KeyVault
Installation
git clone https://github.com/nccgroup/azucar.git
Before you start, you need to unblock the files. Once you have unzipped the zip file, you can use the fantastic PowerShell V3 Unblock-File cmdlet, which will do this task for you:
Get-ChildItem -Recurse c:\Azucar_V10 | Unblock-File
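Unblock-File removes the Zone.Identifier alternate data stream that Windows attaches to downloaded files, so it is worth reviewing what is blocked before clearing it. The following is an added example, not part of the Azucar project: the function name Get-BlockedFile is hypothetical, and the path is the one used in the command above.

```powershell
# Added example (not Azucar code). $Root is the extraction path used above.
$Root = 'c:\Azucar_V10'

function Get-BlockedFile {
    # Hypothetical helper: lists files that still carry a Zone.Identifier stream.
    param([Parameter(Mandatory = $true)][string]$Path)

    foreach ($file in Get-ChildItem -LiteralPath $Path -Recurse -File) {
        # The stream is absent on files that were never marked or are already unblocked.
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if (-not $stream) { continue }

        # The stream is a small INI-style text; ZoneId=3 means the Internet zone.
        $zone = $null
        foreach ($line in Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier') {
            if ($line -match '^ZoneId=(\d+)') { $zone = $Matches[1]; break }
        }

        [pscustomobject]@{
            Path      = $file.FullName
            ZoneId    = $zone
            # Unsigned scripts marked as downloaded are refused under the RemoteSigned policy.
            Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
        }
    }
}

# 1. Inventory the marked files and their signature status.
$blocked = @(Get-BlockedFile -Path $Root)
$blocked | Sort-Object ZoneId, Path | Format-Table -AutoSize

# 2. Preview what Unblock-File would touch; nothing is changed with -WhatIf.
$blocked | ForEach-Object { Unblock-File -LiteralPath $_.Path -WhatIf }

# 3. After unblocking, the inventory should come back empty.
"Files still blocked: {0}" -f @(Get-BlockedFile -Path $Root).Count
```

Drop -WhatIf in step 2 once the list contains only files you expect from the repository.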
Usage
To get a list of basic options and switches use:
get-help .\azucar.ps1
Reporting
Azucar supports exporting data to several formats, such as CSV, XML or JSON.
The following screenshot shows an example report in JSON format
Office Support
Although there is already support for a variety of file formats (CSV, XML or JSON), there is also support for exporting data to Excel format. Currently, it supports style modification, chart creation, a company logo and language-independent output. At the moment, Office Excel 2010/2013/2016 are supported by the tool.
Examples
This example retrieves information about an Azure tenant and prints the results. The script will try to connect using the ADAL library and, if no credential is passed, it will try to connect using the bearer token of a logged-in user.
.\Azucar.ps1 -ExportTo PRINT | Format-List
This example gets information about an Azure tenant and exports the data to CSV, JSON, XML and Excel format in the Reports folder. The script will try to connect using the ADAL library and, if no credential is passed, it will try to connect using the bearer token of a logged-in user.
.\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL
This example gets information about various assets of an Azure tenant, including Active Directory, SQL Server, Security Alerts, and Firewall. All information will be exported to CSV format.
.\Azucar.ps1 -ExportTo CSV -Verbose -Analysis ActiveDirectory,SQLServer,SecurityAlerts,Firewall
Copyright (C) 2018 silverhack
Source: https://github.com/nccgroup/