{"id":13438519,"url":"https://github.com/NetSPI/MicroBurst","last_synced_at":"2025-03-20T06:30:38.243Z","repository":{"id":37588198,"uuid":"141166681","full_name":"NetSPI/MicroBurst","owner":"NetSPI","description":"A collection of scripts for assessing Microsoft Azure security","archived":false,"fork":false,"pushed_at":"2024-10-28T21:25:11.000Z","size":455,"stargazers_count":2041,"open_issues_count":4,"forks_count":314,"subscribers_count":58,"default_branch":"master","last_synced_at":"2024-10-29T15:38:05.533Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NetSPI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-16T16:47:20.000Z","updated_at":"2024-10-28T21:25:15.000Z","dependencies_parsed_at":"2023-02-15T00:00:58.294Z","dependency_job_id":"574615aa-839c-4dbb-b7ad-0824c6a3b98c","html_url":"https://github.com/NetSPI/MicroBurst","commit_stats":{"total_commits":157,"total_committers":14,"mean_commits":"11.214285714285714","dds":"0.26751592356687903","last_synced_commit":"8976135f758012dc6c81a57237d1f66689603fbf"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NetSPI%2FMicroBurst","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NetSPI%2FMicroBurst/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NetSPI%2FMicroBurst/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NetSPI%2FMicroBurst/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NetSPI","download_url":"https://codeload.github.com/NetSPI/MicroBurst/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244564896,"owners_count":20473155,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T03:01:06.190Z","updated_at":"2025-03-20T06:30:33.233Z","avatar_url":"https://github.com/NetSPI.png","language":"PowerShell","readme":"![MicroBurstLogo](https://notpayloads.blob.core.windows.net/images/Microburst_Github.png) \n\u003cbr\u003e \n[![licence badge]][licence] \n[![stars badge]][stars] \n[![forks badge]][forks] \n[![issues badge]][issues]\n![Twitter Follow](https://img.shields.io/twitter/follow/kfosaaen.svg?style=social)\n\n\n[licence badge]:https://img.shields.io/badge/license-New%20BSD-blue.svg\n[stars badge]:https://img.shields.io/github/stars/NetSPI/MicroBurst.svg\n[forks badge]:https://img.shields.io/github/forks/NetSPI/MicroBurst.svg\n[issues badge]:https://img.shields.io/github/issues/NetSPI/MicroBurst.svg\n\n\n[licence]:https://github.com/NetSPI/MicroBurst/blob/master/LICENSE.txt\n[stars]:https://github.com/NetSPI/MicroBurst/stargazers\n[forks]:https://github.com/NetSPI/MicroBurst/network\n[issues]:https://github.com/NetSPI/MicroBurst/issues\n\n\n### MicroBurst: A PowerShell Toolkit for Attacking Azure\n\nMicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use.\n\n### Author, Contributors, and License\n* Author: Karl Fosaaen ([@kfosaaen](https://twitter.com/kfosaaen)), NetSPI\n* Contributors: \n\t* Scott Sutherland ([@_nullbind](https://twitter.com/_nullbind))\n\t* Thomas Elling ([@thomaselling](https://twitter.com/thomas_elling))\n\t* Jake Karnes ([@jakekarnes42](https://twitter.com/jakekarnes42))\n\t* Josh Magri ([@passthehashbrwn](https://twitter.com/passthehashbrwn))\n* License: BSD 3-Clause\n* Required Dependencies: Az, Azure, AzureRM, AzureAD, and MSOnline PowerShell Modules are all used in different scripts\n* Dependencies Note: Originally written with the AzureRM PS modules, older scripts have been ported to their newer Az equivalents\n* Platform Note: These scripts will only run on a Windows-based platform.\n\n### Importing the Module / Usage\n\tPS C:\u003e Import-Module .\\MicroBurst.psm1\nThis will import all applicable functions based off of the currently installed modules in your environment. The scripts can then be invoked using their names like\n```\nPS C:\u003e Get-AzDomainInfo\n```\n\nIf you want to simplify the trusting of the code files, use the following \"Unblock-File\" command to recursively trust each of the downloaded files:\n\n\tPS C:\u003e dir -Recurse .\\MicroBurst-master | Unblock-File\n\nRecommended Modules to install:\n* \u003ca href=\"https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-3.6.1\"\u003eAz\u003c/a\u003e\n* \u003ca href=\"https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0\"\u003eAzureAd\u003c/a\u003e\n* \u003ca href=\"https://docs.microsoft.com/en-us/powershell/module/msonline/?view=azureadps-1.0\"\u003eMSOnline\u003c/a\u003e\n\nHere's how a module can be installed in Powershell\n```\nPS C:\u003e Install-Module \u003cmodule-name\u003e\n```\n### Scripts Information\nIf you want to learn what a specific script does use `Get-Help` with script name like:\n```\nPS C:\u003e Get-Help Invoke-EnumerateAzureSubDomains\n```\n\n### Related Blogs\n* \u003ca href=\"https://blog.netspi.com/a-beginners-guide-to-gathering-azure-passwords/\"\u003eA Beginners Guide to Gathering Azure Passwords\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/enumerating-azure-services/\"\u003eAnonymously Enumerating Azure Services\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/anonymously-enumerating-azure-file-resources/\"\u003eAnonymously Enumerating Azure File Resources\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/exporting-azure-runas-certificates/\"\u003eGet-AzurePasswords: Exporting Azure RunAs Certificates for Persistence\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/azure-automation-accounts-key-stores\"\u003eUsing Azure Automation Accounts to Access Key Vaults\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/running-powershell-scripts-on-azure-vms\"\u003eRunning PowerShell on Azure VMs at Scale\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/\"\u003eMaintaining Azure Persistence via Automation Accounts\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/decrypting-azure-vm-extension-settings-with-get-azurevmextensionsettings/\"\u003eDecrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/attacking-azure-with-custom-script-extensions/\"\u003eAttacking Azure with Custom Script Extensions\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/lateral-movement-azure-app-services/\"\u003eLateral Movement in Azure App Services\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/encrypting-password-data-in-get-azpasswords/\"\u003eGet-AzPasswords: Encrypting Automation Password Data\u003c/a\u003e\n* \u003ca href=\"https://blog.netspi.com/azure-privilege-escalation-using-managed-identities/\"\u003eAzure Privilege Escalation Using Managed Identities\u003c/a\u003e\n* \u003ca href=\"https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-persistence-with-desired-state-configurations/\"\u003eAzure Persistence with Desired State Configurations\u003c/a\u003e\n* \u003ca href=\"https://www.netspi.com/blog/technical/cloud-penetration-testing/extract-credentials-from-azure-kubernetes-service/\"\u003eHow To Extract Credentials from Azure Kubernetes Service (AKS)\u003c/a\u003e\n* \u003ca href=\"https://www.netspi.com/blog/technical-blog/cloud-pentesting/extracting-managed-identity-certificates-from-azure-arc-service/\"\u003eExtracting Managed Identity Certificates from the Azure Arc Service\u003c/a\u003e\n\n### Presentations\n* \u003ca href=\"https://youtu.be/CUTwkuiRgqg\"\u003eExtracting all the Azure Passwords - DEF CON 29 - Cloud Village\u003c/a\u003e\n  - \u003ca href=\"https://notpayloads.blob.core.windows.net/slides/ExtractingalltheAzurePasswords.pdf\"\u003eSlides\u003c/a\u003e\n* \u003ca href=\"https://www.youtube.com/watch?v=EYtw-XPml0w\"\u003eAdventures in Azure Privilege Escalation - DerbyCon 9\u003c/a\u003e\n  - \u003ca href=\"https://notpayloads.blob.core.windows.net/slides/Azure-PrivEsc-DerbyCon9.pdf\"\u003eDerbyCon 9 (2019) Slides\u003c/a\u003e\n* \u003ca href=\"https://www.youtube.com/watch?v=IdORwgxDpkw\"\u003eAttacking Azure Environments with PowerShell - DerbyCon 8\u003c/a\u003e\n  - \u003ca href=\"https://www.slideshare.net/kfosaaen/derbycon-8-attacking-azure-environments-with-powershell\"\u003eDerbyCon 8 (2018) Slides\u003c/a\u003e\n  - \u003ca href=\"https://www.slideshare.net/kfosaaen/bsides-portland-attacking-azure-environments-with-powershell\"\u003eBSidesPDX (2018) Slides\u003c/a\u003e\n\t\n### Wiki Information\nCheck out the [MicroBurst Wiki](https://github.com/NetSPI/MicroBurst/wiki) for more information on the usage of the toolkit and the available functions.\n","funding_links":[],"categories":["Asset Discovery","PowerShell","[↑](#contents)Business Communication Infrastructure Discovery","Uncategorized","Azure","Tools","0x02 工具 :hammer_and_wrench:"],"sub_categories":["Business Communication Infrastructure Discovery","Uncategorized","CLI","Exploitation","1 云服务工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNetSPI%2FMicroBurst","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNetSPI%2FMicroBurst","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNetSPI%2FMicroBurst/lists"}