Azure Red Team tool for graphing Azure and Azure Active Directory objects

Project description


Stormspotter

Stormspotter creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.

It needs reader access to the subscription you wish to import and/or Directory.Read access to the Azure AD tenants.


Getting Started

Prerequisites

  • Stormspotter is developed in Python 3.8.
  • Install Neo4j. Installation directions for your preferred operating system are located here, although you may prefer the ease of a docker container:
    docker run --name stormspotter -p7474:7474 -p7687:7687 -d --env NEO4J_AUTH=neo4j/[password] neo4j:latest

Running Stormspotter

In order to avoid conflicting packages, it is highly recommended to run Stormspotter in a virtual environment.

  1. Install the requirements

    • Via pipenv
    python -m pip install pipenv
    pipenv install stormspotter==1.0.0a0
    
    • From the repository
    git clone https://github.com/Azure/Stormspotter
    cd Stormspotter
    pipenv install .
    

Providing credentials

Current login types supported:

  • Azure CLI (must use az login first)
  • Service Principal Client ID/Secret

Gather and view resources

  1. Run stormspotter to gather resource and object information

    • Via CLI login
    stormspotter --cli
    
    • Via Service Principal
    stormspotter --service-principal -u <client id> -p <client secret>
    
  2. Run stormdash to launch dashboard

    stormdash -dbu <neo4j-user> -dbp <neo4j-pass>
    
  3. During installation, a .stormspotter folder is created in the user's home directory. Place the results zip file into the ~/.stormspotter/input folder. You may also place the zip file into the folder before running stormdash, and it will be processed when Stormspotter starts. When a file is successfully processed, it is moved into ~/.stormspotter/processed.

  4. Browse to http://127.0.0.1:8050 to interact with the graph.

Notes

  • With Stormspotter currently in alpha, not all resource types have been implemented in Stormdash. You may see labels with missing icons and/or nodes that simply display the "name" and "type" fields. You can still view the data associated with these assets by clicking the "Raw Data" slider. Over time, more resources will be properly implemented.
  • The node expansion feature has not been implemented yet. This feature will allow you to interact with a node to see all of its relations. As a fallback to Stormdash, you can visit the Neo4j instance directly to use this feature.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Download files

Source Distribution

stormspotter-1.0.0a0.tar.gz (319.3 kB)

Uploaded Source

Built Distribution

stormspotter-1.0.0a0-py3-none-any.whl (353.0 kB)

Uploaded Python 3

File details

Details for the file stormspotter-1.0.0a0.tar.gz.

File metadata

  • Download URL: stormspotter-1.0.0a0.tar.gz
  • Upload date:
  • Size: 319.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.3.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for stormspotter-1.0.0a0.tar.gz
Algorithm Hash digest
SHA256 d308155eff12d83eff2d460c7e999b7c7d1bc5b9a4f287c208564bd9bd5efcc2
MD5 e69e3f6f34d7d915cf25d90dc2e16c4e
BLAKE2b-256 471518f185e3516df0e5ee767d9792d630608f23c2cf84eb600acf02691c1566

File details

Details for the file stormspotter-1.0.0a0-py3-none-any.whl.

File metadata

  • Download URL: stormspotter-1.0.0a0-py3-none-any.whl
  • Upload date:
  • Size: 353.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.3.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for stormspotter-1.0.0a0-py3-none-any.whl
Algorithm Hash digest
SHA256 c54e4d8707a4197b4ccc3b36d89b720278d10f19a01c27ca5532e46c56c6c441
MD5 56d6a92419406748f8300701efc75130
BLAKE2b-256 87cb440cbde051265abfe7c8b5a7876b4e6321d41337a1d75499207b772549d2
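
The following is an added example, not part of the Stormspotter project or the original page: a shell helper that checks a downloaded distribution against the SHA256 digests listed above before it is installed. The function names are hypothetical; the two digests are the ones shown on this page.

```shell
# Added example: check a downloaded Stormspotter distribution against the
# SHA256 digests listed on this page before installing it.
# Function names are hypothetical; the digests are copied from this page.

# Print the SHA256 listed for a distribution file name; fail if unlisted.
expected_sha256() {
    case "$1" in
        stormspotter-1.0.0a0.tar.gz)
            echo d308155eff12d83eff2d460c7e999b7c7d1bc5b9a4f287c208564bd9bd5efcc2 ;;
        stormspotter-1.0.0a0-py3-none-any.whl)
            echo c54e4d8707a4197b4ccc3b36d89b720278d10f19a01c27ca5532e46c56c6c441 ;;
        *)
            return 1 ;;
    esac
}

# Compute a file's SHA256 (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_dist FILE [EXPECTED_SHA256]
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing,
# 3 if no digest is listed for the file name and none was supplied.
verify_dist() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 2
    fi
    if [ -n "${2:-}" ]; then
        want=$2
    elif ! want=$(expected_sha256 "$(basename "$file")"); then
        echo "no digest listed for $(basename "$file")" >&2
        return 3
    fi
    got=$(file_sha256 "$file")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $file: got $got, want $want" >&2
        return 1
    fi
    echo "OK $file"
}

# Typical use (not run here):
#   python -m pip download --no-deps -d dist stormspotter==1.0.0a0
#   verify_dist dist/stormspotter-1.0.0a0-py3-none-any.whl
```

A file that carries a listed name but different content is rejected with exit status 1, so the check can gate the install step in a script.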

