MicroBurst: A collection of scripts for assessing Microsoft Azure security

MicroBurst: A PowerShell Toolkit for Attacking Azure

MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use.

Functions Information

• Get-AzurePasswords.ps1
  PS C:> Get-Help Get-AzurePasswords
  NAME: Get-AzurePasswords
  SYNOPSIS: Dumps all available credentials from an Azure subscription. Pipe to Out-Gridview or Export-CSV for easier parsing.
  SYNTAX: Get-AzurePasswords [[-Subscription] ] [[-ExportCerts] ] []
  DESCRIPTION: This function will look for any available credentials and certificates store in Key Vaults, App Services Configurations, and Automation accounts. If the Azure management account has permissions, it will read the values directly out of the Key Vaults and App Services Configs. A runbook will be spun up for dumping automation account credentials, so it will create a log entry in the automation jobs.
• Invoke-EnumerateAzureBlobs.ps1PS C:> Import-Module .\Invoke-EnumerateAzureBlobs.ps1

  PS C:> Get-Help Invoke-EnumerateAzureBlobs

  NAME: Invoke-EnumerateAzureBlobs

  SYNOPSIS: PowerShell function for enumerating public Azure Blobs and Containers.

  SYNTAX: Invoke-EnumerateAzureBlobs [[-Base] ] [[-OutputFile] ] [[-Permutations] ] [[-Folders] ] [[-BingAPIKey] ] []

  DESCRIPTION: The function will check for valid .blob.core.windows.net hostnames via DNS. If a BingAPIKey is supplied, a Bing search will be made for the base word under the .blob.core.windows.net site. After completing storage account enumeration, the function then checks for valid containers via the Azure REST API methods. If a valid container has public files, the function will list them out.

• Invoke-EnumerateAzureSubDomains.ps1PS C:> Import-Module .\Invoke-EnumerateAzureSubDomains.ps1

  PS C:> Get-Help Invoke-EnumerateAzureSubDomains

  NAME: Invoke-EnumerateAzureSubDomains

  SYNOPSIS: PowerShell function for enumerating public Azure services.

  SYNTAX: Invoke-EnumerateAzureSubDomains [-Base] [[-Permutations] ] []

  DESCRIPTION: The function will check for valid Azure subdomains, based off of a base word, via DNS.

• Get-AzureDomainInfo.ps1PS C:> Import-Module .\Get-AzureDomainInfo.ps1

  PS C:> Get-Help Get-AzureDomainInfo

  NAME: Get-AzureDomainInfo

  SYNOPSIS: PowerShell function for dumping information from Azure subscriptions via authenticated ASM and ARM connections.

  SYNTAX: Get-AzureDomainInfo [[-folder] ] [[-Subscription] ] [[-ResourceGroup] ] [[-Users] ] [[-Groups] ] [[-StorageAccounts] ] [[-Resources] ] [[-VMs] ] [[-NetworkInfo] ] [[-RBAC] ] [[-LoginBypass] ] []

  DESCRIPTION: The function will dump available information for an Azure domain out to CSV and txt files in the -folder parameter directory.

• Get-MSOLDomainInfo.ps1PS C:> Import-Module .\Get-MSOLDomainInfo.ps1

  PS C:> Get-Help Get-MSOLDomainInfo

  NAME: Get-MSOLDomainInfo

  SYNOPSIS: PowerShell function for dumping information from an Office365 domain via an authenticated MSOL connection.

  SYNTAX: Get-MSOLDomainInfo [[-folder] ] [[-Users] ] [[-Groups] ] []

  DESCRIPTION: The function will dump available information for an Office365 domain out to CSV and txt files in the -folder parameter directory.

Download

git clone https://github.com/NetSPI/MicroBurst.git
Import-Module .\MicroBurst.psm1

Copyright (c) 2018, NetSPI
All rights reserved.

Source: https://github.com/NetSPI/