Microsoft Azure Cloud Security Testing and Auditing Solutions

The following is a list of tools developed for cloud security testing and auditing on Microsoft Azure. Each tool is presented with the description from its GitHub repository.

ROADtools

ROADtools is a framework to interact with Azure AD.

ROADrecon is a tool for exploring information in Azure AD from both a Red Team and Blue Team perspective. In short, this is what it does:

  • Uses an automatically generated metadata model to create an SQLAlchemy backed database on disk.
  • Uses asynchronous HTTP calls in Python to dump all available information in the Azure AD graph to this database.
  • Provides plugins to query this database and output it to a useful format.
  • Provides an extensive interface built in Angular that queries the offline database directly for its analysis.

Detailed information and setup information: https://github.com/dirkjanm/ROADtools

MicroBurst: A PowerShell Toolkit for Attacking Azure

MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use.

Detailed information and setup information: https://github.com/NetSPI/MicroBurst

Scout Suite

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Detailed information and setup information: https://github.com/nccgroup/ScoutSuite

PowerZure

PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources.

Detailed information and setup information: https://github.com/hausec/PowerZure

Azurite

Azurite - Azurite Explorer and Azurite Visualizer

Azurite was developed to assist penetration testers and auditors during the enumeration and reconnaissance activities within the Microsoft Azure public Cloud environment. It consists of two helper scripts: Azurite Explorer and Azurite Visualizer. The scripts are used to collect, passively, verbose information of the main components within a deployment to be reviewed offline, and visualize the association between the resources using an interactive representation. One of the main features of the visual representation is to provide a quick way to identify insecure Network Security Groups (NSGs) in a subnet or Virtual Machine configuration.

Detailed information and setup information: https://github.com/FSecureLABS/Azurite

Stormspotter

Stormspotter creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pen testers to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident response work.

Detailed information and setup information: https://github.com/Azure/Stormspotter

Azucar

Azucar is a multi-threaded plugin-based tool to help you assess the security of your Azure Cloud environment.

Detailed information and setup information: https://github.com/nccgroup/azucar

BlobHunter

BlobHunter helps you identify Azure blob storage containers which store files that are publicly available to anyone with an internet connection.

The tool will help mitigate risk by identifying poorly configured containers that store sensitive data, which is specifically helpful in larger scale Azure subscriptions where there are a significant number of storage accounts that could be hard to track.

Detailed information and setup information: https://github.com/cyberark/blobhunter