Azure Red Team tool for graphing Azure and Azure Active Directory objects
Project description
Stormspotter
Stormspotter creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.
It needs reader access to the subscription you wish to import and/or Directory.Read access to the Azure AD tenants.
Getting Started
Prerequisites
- Stormspotter is developed in Python 3.8.
- Install Neo4j. Installation directions for your preferred operating system are located here, although you may prefer the ease of a docker container:
docker run --name stormspotter -p7474:7474 -p7687:7687 -d --env NEO4J_AUTH=neo4j/[password] neo4j:latest
Running Stormspotter
In order to avoid conflicting packages, it is highly recommended to run Stormspotter in a virtual environment.
-
Install the requirements
- Via pipenv
python -m pip install pipenv pipenv install stormspotter==1.0.0a0
- From the repository
git clone https://github.com/Azure/Stormspotter cd Stormspotter pipenv install .
Providing credentials
Current login types supported:
- Azure CLI (must use
az login
first) - Service Principal Client ID/Secret
Gather and view resources
-
Run stormspotter to gather resource and object information
- Via CLI login
stormspotter --cli
- Via Service Principal
stormspotter --service-principal -u <client id> -p <client secret>
-
Run stormdash to launch dashboard
stormdash -dbu <neo4j-user> -dbp <neo4j-pass>
-
During installation, a
.stormspotter
folder is created in the user's home directory. Place the results zip file into~/.stormspotter/input
folder. You may also place the zip file into the folder before runningstormdash
and it will be processed when Stormspotter starts. When a file is successfully processed, it will be moved into~/.stormspotter/processed
. -
Browse to http://127.0.0.1:8050 to interact with the graph.
Notes
- With Stormspotter currently in alpha, not all resource types have been implemented in Stormdash. You may see labels with missing icons and/or simply display the "name" and "type" fields. You can still view the data associated with these assets by clicking the "Raw Data" slider. Over time, more resources will be properly implemented.
- The node expansion feature has not been implemented yet. This feature will allow you to interact with a node to see all of its relations. As an fallback to Stormdash, you can visit the Neo4J instance directly to use this feature.
Screenshots
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file stormspotter-1.0.0a0.tar.gz
.
File metadata
- Download URL: stormspotter-1.0.0a0.tar.gz
- Upload date:
- Size: 319.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.3.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d308155eff12d83eff2d460c7e999b7c7d1bc5b9a4f287c208564bd9bd5efcc2 |
|
MD5 | e69e3f6f34d7d915cf25d90dc2e16c4e |
|
BLAKE2b-256 | 471518f185e3516df0e5ee767d9792d630608f23c2cf84eb600acf02691c1566 |
File details
Details for the file stormspotter-1.0.0a0-py3-none-any.whl
.
File metadata
- Download URL: stormspotter-1.0.0a0-py3-none-any.whl
- Upload date:
- Size: 353.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.3.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c54e4d8707a4197b4ccc3b36d89b720278d10f19a01c27ca5532e46c56c6c441 |
|
MD5 | 56d6a92419406748f8300701efc75130 |
|
BLAKE2b-256 | 87cb440cbde051265abfe7c8b5a7876b4e6321d41337a1d75499207b772549d2 |