GraphRunner

https://github.com/dafthack/GraphRunner

Create token:

# Load GraphRunner's functions into the current PowerShell session.
# ipmo is the built-in alias for Import-Module; the relative path means this
# has to be run from the directory that contains GraphRunner.ps1.
ipmo .\GraphRunner.ps1 

# Authenticate to obtain Graph tokens. The commands further down read $tokens,
# which is never assigned on this page -- presumably this call populates it;
# confirm against the tool's help.
# $tokens holds live credentials for the signed-in account: keep it out of
# transcripts, screenshots and shared notes.
Get-GraphTokens
# Authenticate, then refresh the tokens as a best practice (not sure why...).
# NOTE(review): presumably because access tokens are short-lived and
# -AutoRefresh keeps the session usable -- confirm.
Invoke-RefreshGraphTokens -AutoRefresh 

# Check what access the current tokens grant
Invoke-CheckAccess -Tokens $tokens

Recon:

##
## GROUPS
##
# Gets security groups and members
Get-SecurityGroups -Tokens $tokens 
# Finds dynamic groups and displays membership rules
Get-DynamicGroups -Tokens $tokens 

# Gets groups that can be modified (i.e. groups a user can be added to) and
# writes the result to updateablegroups.csv in the current directory.
# The CSV holds tenant group data; store and dispose of it like any other
# sensitive assessment output.
# NOTE(review): the unit of -RefreshInterval is not stated on this page --
# confirm before relying on the value 10.
# NOTE(review): -Device Mac presumably sets the device type presented to the
# service; if so, the device/user agent recorded in sign-in logs is a weak
# detection signal on its own -- confirm.
# For defenders: a group listed here can have its membership changed by the
# authenticated account, so review who is allowed to update groups that gate
# access to resources.
Get-UpdatableGroups -Tokens $tokens -OutputFile updateablegroups.csv -RefreshToken $true -RefreshInterval 10 -Resource "https://graph.microsoft.com/" -Device Mac -AutoRefresh

##
## Mailboxes
##
# Gets Azure AD users and writes them to a list file (Users.txt, relative to
# the current directory). The file is a directory export; handle it as
# sensitive tenant data.
Get-AzureADUsers -Tokens $tokens -outFile Users.txt
# Checks the users listed in Users.txt for open (readable) mailboxes.
# NOTE(review): "readable" presumably means readable by the authenticated
# account -- confirm. For defenders, a hit points to over-broad mailbox
# permissions that should be reviewed and tightened.
Invoke-GraphOpenInboxFinder -Tokens $tokens -userlist Users.txt 

# NOTE(review): the three commands below are called without -Tokens, unlike
# the commands earlier on this page; whether they reuse a stored token or
# prompt for a new sign-in is not shown here -- confirm.

# Gets conditional access policies
Invoke-DumpCAPS
# Gets app registrations and external enterprise apps along with consent and scope info.
# For defenders, the consent and scope columns are the part to review:
# unexpected third-party apps or broad delegated scopes deserve a closer look.
Invoke-DumpApps

# Gets a list of SharePoint site URLs visible to the current user
Get-SharePointSiteURLs 
Invoke-GraphOpenInboxFinder     -        Checks each user’s inbox in a list to see if they are readable
Get-TenantID                    -        Retrieves the tenant GUID from the domain name
