Home Cyber security Graphpython – A Comprehensive Tool For Microsoft Graph API Enumeration And Exploitation

Graphpython – A Comprehensive Tool For Microsoft Graph API Enumeration And Exploitation

August 29, 2024

Graphpython is a modular Python tool for cross-platform Microsoft Graph API enumeration and exploitation.

It builds upon the capabilities of AADInternals (Killchain.ps1), GraphRunner, and TokenTactics(V2) to provide a comprehensive solution for interacting with the Microsoft Graph API for red team and cloud assumed breach operations.

Graphpython covers external reconnaissance, authentication/token manipulation, enumeration, and post-exploitation of various Microsoft services, including Entra ID (Azure AD), Office 365 (Outlook, SharePoint, OneDrive, Teams), and Intune (Endpoint Management).

Index

Installation
Usage
Commands
Demos

Installation

Graphpython is designed to be cross-platform, ensuring compatibility with both Windows and Linux based operating systems:

git clone https://github.com/mlcsec/Graphpython.git
cd Graphpython
pip install .

Graphpython -h
# or
python3 Graphpython.py -h

Commands

Please refer to the Wiki for more details on the available commands

Outsider

Invoke-ReconAsOutsider
Invoke-UserEnumerationAsOutsider

Authentication

Get-GraphTokens
Get-TenantID
Get-TokenScope
Decode-AccessToken
Invoke-RefreshToMSGraphToken
Invoke-RefreshToAzureManagementToken
Invoke-RefreshToVaultToken
Invoke-RefreshToMSTeamsToken
Invoke-RefreshToOfficeAppsToken
Invoke-RefreshToOfficeManagementToken
Invoke-RefreshToOutlookToken
Invoke-RefreshToSubstrateToken
Invoke-RefreshToYammerToken
Invoke-RefreshToIntuneEnrollmentToken
Invoke-RefreshToOneDriveToken
Invoke-RefreshToSharePointToken
Invoke-CertToAccessToken
Invoke-ESTSCookieToAccessToken
Invoke-AppSecretToAccessToken
New-SignedJWT

Post-Auth Enumeration

Get-CurrentUser
Get-CurrentUserActivity
Get-OrgInfo
Get-Domains
Get-User
Get-UserProperties
Get-UserGroupMembership
Get-UserTransitiveGroupMembership
Get-Group
Get-GroupMember
Get-AppRoleAssignments
Get-ConditionalAccessPolicy
Get-Application
Get-AppServicePrincipal
Get-ServicePrincipal
Get-ServicePrincipalAppRoleAssignments
Get-PersonalContacts
Get-CrossTenantAccessPolicy
Get-PartnerCrossTenantAccessPolicy
Get-UserChatMessages
Get-AdministrativeUnitMember
Get-OneDriveFiles
Get-UserPermissionGrants
Get-oauth2PermissionGrants
Get-Messages
Get-TemporaryAccessPassword
Get-Password
List-AuthMethods
List-DirectoryRoles
List-Notebooks
List-ConditionalAccessPolicies
List-ConditionalAuthenticationContexts
List-ConditionalNamedLocations
List-SharePointRoot
List-SharePointSites
List-SharePointURLs
List-ExternalConnections
List-Applications
List-ServicePrincipals
List-Tenants
List-JoinedTeams
List-Chats
List-ChatMessages
List-Devices
List-AdministrativeUnits
List-OneDrives
List-RecentOneDriveFiles
List-SharedOneDriveFiles
List-OneDriveURLs

For more information click here.

Graphpython – A Comprehensive Tool For Microsoft Graph API Enumeration And Exploitation

Index

Installation

Commands

Outsider

Authentication

Post-Auth Enumeration

LEAVE A REPLY Cancel reply

APPLICATIONS

Trivy : Simple & Comprehensive Vulnerability Scanner

Ctf-Screenshotter : A CTF Web Challenge About Making Screenshots

Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida

CloudUnflare : Reconnaissance Real IP Address for Cloudflare Bypass

HOT NEWS

ReverseSSH : Statically-linked Ssh Server With Reverse Shell Functionality For CTFs...

EVEN MORE NEWS

Bomber : Navigating Security Vulnerabilities In SBOMs

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In...

Exploit Street – Navigating The New Terrain Of Windows LPEs

POPULAR CATEGORY

IMDSPOOF: Enhancing Cloud Security with Deceptive AWS IMDS Endpoint Spoofing

SubCat – A Fast And Efficient Subdomain Enumeration Tool

Naabu – Fast and Efficient Port Scanner