Graphpython – A Comprehensive Tool For Microsoft Graph API Enumeration And Exploitation

Graphpython is a modular Python tool for cross-platform Microsoft Graph API enumeration and exploitation.

It builds upon the capabilities of AADInternals (Killchain.ps1), GraphRunner, and TokenTactics(V2) to provide a comprehensive solution for interacting with the Microsoft Graph API for red team and cloud assumed breach operations.

Graphpython covers external reconnaissance, authentication/token manipulation, enumeration, and post-exploitation of various Microsoft services, including Entra ID (Azure AD), Office 365 (Outlook, SharePoint, OneDrive, Teams), and Intune (Endpoint Management).

Index

Installation
Usage
Commands
Demos

Installation

Graphpython is designed to be cross-platform, ensuring compatibility with both Windows and Linux based operating systems:

git clone https://github.com/mlcsec/Graphpython.git
cd Graphpython
pip install .

Graphpython -h
# or
python3 Graphpython.py -h

Commands

Please refer to the Wiki for more details on the available commands

Outsider

Invoke-ReconAsOutsider
Invoke-UserEnumerationAsOutsider

Authentication

Get-GraphTokens
Get-TenantID
Get-TokenScope
Decode-AccessToken
Invoke-RefreshToMSGraphToken
Invoke-RefreshToAzureManagementToken
Invoke-RefreshToVaultToken
Invoke-RefreshToMSTeamsToken
Invoke-RefreshToOfficeAppsToken
Invoke-RefreshToOfficeManagementToken
Invoke-RefreshToOutlookToken
Invoke-RefreshToSubstrateToken
Invoke-RefreshToYammerToken
Invoke-RefreshToIntuneEnrollmentToken
Invoke-RefreshToOneDriveToken
Invoke-RefreshToSharePointToken
Invoke-CertToAccessToken
Invoke-ESTSCookieToAccessToken
Invoke-AppSecretToAccessToken
New-SignedJWT

Post-Auth Enumeration

Get-CurrentUser
Get-CurrentUserActivity
Get-OrgInfo
Get-Domains
Get-User
Get-UserProperties
Get-UserGroupMembership
Get-UserTransitiveGroupMembership
Get-Group
Get-GroupMember
Get-AppRoleAssignments
Get-ConditionalAccessPolicy
Get-Application
Get-AppServicePrincipal
Get-ServicePrincipal
Get-ServicePrincipalAppRoleAssignments
Get-PersonalContacts
Get-CrossTenantAccessPolicy
Get-PartnerCrossTenantAccessPolicy
Get-UserChatMessages
Get-AdministrativeUnitMember
Get-OneDriveFiles
Get-UserPermissionGrants
Get-oauth2PermissionGrants
Get-Messages
Get-TemporaryAccessPassword
Get-Password
List-AuthMethods
List-DirectoryRoles
List-Notebooks
List-ConditionalAccessPolicies
List-ConditionalAuthenticationContexts
List-ConditionalNamedLocations
List-SharePointRoot
List-SharePointSites
List-SharePointURLs
List-ExternalConnections
List-Applications
List-ServicePrincipals
List-Tenants
List-JoinedTeams
List-Chats
List-ChatMessages
List-Devices
List-AdministrativeUnits
List-OneDrives
List-RecentOneDriveFiles
List-SharedOneDriveFiles
List-OneDriveURLs

For more information click here.

GraphRunner : The Dual-Use Toolset For Microsoft 365 Security

March 4, 2025

In "Cyber security"

AzureGraph : Azure AD Enumeration Over MS Graph

December 15, 2022

In "Kali Linux"

Scriptkiddi3 – Streamline Your Recon And Vulnerability Detection Process With SCRIPTKIDDI3, A Recon And Initial Vulnerability Detection Tool Built Using Shell Script And Open Source Tools

June 22, 2023

In "Kali Linux"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.