https://github.com/nemmusu/powerbi-extractor
PowerBI Extractor is a fully open-source auditing and exploration tool for Microsoft Power BI environments. It performs deep metadata extraction, access control validation, user-role mapping, and optional DAX/report export operations.
acl audit dax dump enumeration hacking harvest harvester microsoft penetration-testing penetration-testing-tools powerbi redteaming redteaming-tools scanner tool user-enumeration vulnerability web-hacking-tool
Last synced: 12 months ago
- Host: GitHub
- URL: https://github.com/nemmusu/powerbi-extractor
- Owner: nemmusu
- Created: 2025-05-09T17:50:40.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-10T07:03:43.000Z (about 1 year ago)
- Last Synced: 2025-06-10T07:32:48.123Z (about 1 year ago)
- Topics: acl, audit, dax, dump, enumeration, hacking, harvest, harvester, microsoft, penetration-testing, penetration-testing-tools, powerbi, redteaming, redteaming-tools, scanner, tool, user-enumeration, vulnerability, web-hacking-tool
- Language: Python
- Homepage:
- Size: 10.7 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Power BI Extractor
`powerbi_extractor.py` is a **fully open-source auditing and exploration tool** for **Microsoft Power BI** environments.
Designed for **red teams**, **security auditors**, and **data analysts**, it performs deep metadata extraction, access control validation, user-role mapping, and optional DAX/report export operations, all from the command line.
---
## Why Power BI Extractor?
Microsoft Power BI is a widely adopted business intelligence platform, yet security misconfigurations are common.
`powerbi_extractor.py` enables structured discovery and validation of:
- Access Control Lists (ACLs)
- Report + Dataset mapping
- Role-Based Access Control (RBAC)
- Export-to behavior
- Data exposure via DAX
- User enumeration and role visibility
- AAD Group lookups (optional via Microsoft Graph)
---
## Features
- ✅ List accessible workspaces
- ✅ Extract report metadata and export tokens
- ✅ Dump datasets and DAX output (when permitted)
- ✅ Perform ACL and RBAC checks
- ✅ Enumerate workspace users and roles (opt-in)
- ✅ Map users → workspaces → permissions
- ✅ Save audit logs, summaries, and vulnerabilities
- ✅ Optional integration with Microsoft Graph
---
## ⚙️ Installation
```bash
git clone https://github.com/nemmusu/powerbi-extractor.git
cd powerbi-extractor
pip install -r requirements.txt
```
Requirements (in `requirements.txt`):
```txt
requests
tabulate
pandas
```
---
## 🧪 Usage
```bash
python3 powerbi_extractor.py --token <ACCESS_TOKEN> [--enum-users] [--audit] [--output OUTPUT_DIR]
```
### Arguments
- `--token`: Required. A Power BI access token.
- `--enum-users`: List users and roles for each workspace.
- `--audit`: Trigger ACL and export token validation.
- `--output`: Destination directory. Defaults to `output/YYYYMMDD_HHMMSS`.
---
## Output
### Terminal Output (Example)
```
[=] Workspace: Finance_Dept
→ Your role: Contributor
▪ Report: Quarterly_Summary
└─ [✓] Fetched reportId: 7a1df76...
└─ ⚙️ Checking embed token...
└─ [✓] Embed token generated (HTTP 200)
└─ [✓] Sent ExportTo request → jobId: 3a1f...
└─ [✓] Export succeeded
[✓] DAX OK: FinancialsDataset (24 columns)
▪ Report: Forecast_2024
└─ [✓] Fetched reportId: 9bbff3e...
└─ ⚙️ Checking embed token...
└─ [✓] Embed token generated (HTTP 200)
└─ [✓] Sent ExportTo request → jobId: 8ab7...
└─ [✗] Polling attempt 1 → HTTP 404
└─ [✗] Export job valid but PDF missing
[=] Workspace: HR_Team
→ Your role: Unknown (not in list)
▪ Report: Employee_Stats
└─ [✗] Embed token failed → HTTP 403
▪ Report: Headcount_Report
└─ [✓] Fetched reportId: b821ffe...
└─ ⚙️ Checking embed token...
└─ [✓] Embed token generated (HTTP 200)
└─ [✓] Sent ExportTo request → jobId: c771...
└─ [✗] Export job failed
[✓] DAX OK: FinancialsDataset (24 columns)
[✗] DAX FAIL: HR_Dataset (HTTP 403)
🧑‍💼 Users Summary:
╭───────────────────┬───────────────────┬────────────┬─────────────╮
│ displayName       │ emailAddress      │ identifier │ role        │
├───────────────────┼───────────────────┼────────────┼─────────────┤
│ Alice Admin       │ alice@contoso.com │ ...        │ Admin       │
│ Bob Viewer        │ bob@contoso.com   │ ...        │ Viewer      │
│ Carol Contributor │ carol@contoso.com │ ...        │ Contributor │
╰───────────────────┴───────────────────┴────────────┴─────────────╯
User → Workspace Mapping (with roles):
╭───────────────────┬────────────────────────────────────────╮
│ User              │ Workspaces (Role)                      │
├───────────────────┼────────────────────────────────────────┤
│ alice@contoso.com │ Finance_Dept (Admin), HR_Team (Viewer) │
│ bob@contoso.com   │ Finance_Dept (Viewer)                  │
│ carol@contoso.com │ HR_Team (Contributor)                  │
╰───────────────────┴────────────────────────────────────────╯
[✓] Summary saved to output/20250509_172302/summary.txt
[✓] Full output saved to output/20250509_172302/full_output_summary.txt
🚨 Vulnerabilities Detected: 3
╭─────────┬──────────────────────────────────────────────────────────╮
│ Type    │ Vulnerability                                            │
├─────────┼──────────────────────────────────────────────────────────┤
│ 🔴 VULN │ Embed token can be generated for: Quarterly_Summary      │
│ 🔴 VULN │ Dataset executed without error or RLS: FinancialsDataset │
│ 🔴 VULN │ Export job valid but PDF missing: Forecast_2024          │
╰─────────┴──────────────────────────────────────────────────────────╯
```
---
### Example `summary.txt`
```
Workspace: Finance_Dept
Reports:
[✓] Quarterly_Summary → exported
[✗] Annual_Overview → failed_403
[✗] Legacy_Budget → export_failed_404
🧬 Datasets:
[✓] FinancialsDataset → DAX OK, 24 col
[✗] HR_Dataset → FAIL (fail_403)
Workspace: HR_Team
Reports:
[✗] Employee_Stats → failed_403
[✗] Salary_Overview → export_failed
🧬 Datasets:
[✗] StaffData → FAIL (fail_403)
Enumerated Users:
| displayName     | emailAddress          | identifier | role        |
|-----------------|-----------------------|------------|-------------|
| Alice Admin     | alice@contoso.com     | ...        | Admin       |
| Bob Viewer      | bob@contoso.com       | ...        | Viewer      |
| Eve External    | eve@external.com      | ...        | Contributor |
=== USERS → WORKSPACES MAP ===
╭───────────────────┬─────────────────────────────────────────────╮
│ User              │ Workspaces (Role)                           │
├───────────────────┼─────────────────────────────────────────────┤
│ alice@contoso.com │ Finance_Dept (Admin), HR_Team (Contributor) │
│ bob@contoso.com   │ Finance_Dept (Viewer)                       │
│ eve@external.com  │ HR_Team (Contributor)                       │
╰───────────────────┴─────────────────────────────────────────────╯
=== AUDIT VULNERABILITY SUMMARY ===
╭─────────┬──────────────────────────────────────────────────────────────╮
│ Type    │ Vulnerability                                                │
├─────────┼──────────────────────────────────────────────────────────────┤
│ 🔴 VULN │ Embed token can be generated for: Quarterly_Summary          │
│ 🔴 VULN │ Dataset executed without error or RLS: FinancialsDataset     │
│ 🔴 VULN │ Export job valid but PDF missing: Legacy_Budget (jobId: ...) │
╰─────────┴──────────────────────────────────────────────────────────────╯
```
---
### Example `full_output_summary.txt`
```
======================================================================
SUMMARY
======================================================================
Workspace: Finance_Dept
Reports:
[✓] Quarterly_Summary → exported
[✗] Annual_Overview → failed_403
[✗] Legacy_Budget → export_failed_404
🧬 Datasets:
[✓] FinancialsDataset → DAX OK, 24 col
[✗] HR_Dataset → FAIL (fail_403)
Workspace: HR_Team
Reports:
[✗] Employee_Stats → failed_403
[✗] Salary_Overview → export_failed
🧬 Datasets:
[✗] StaffData → FAIL (fail_403)
Enumerated Users:
| displayName     | emailAddress          | identifier | role        |
|-----------------|-----------------------|------------|-------------|
| Alice Admin     | alice@contoso.com     | ...        | Admin       |
| Bob Viewer      | bob@contoso.com       | ...        | Viewer      |
| Eve External    | eve@external.com      | ...        | Contributor |
=== USERS → WORKSPACES MAP ===
╭───────────────────┬─────────────────────────────────────────────╮
│ User              │ Workspaces (Role)                           │
├───────────────────┼─────────────────────────────────────────────┤
│ alice@contoso.com │ Finance_Dept (Admin), HR_Team (Contributor) │
│ bob@contoso.com   │ Finance_Dept (Viewer)                       │
│ eve@external.com  │ HR_Team (Contributor)                       │
╰───────────────────┴─────────────────────────────────────────────╯
=== AUDIT VULNERABILITY SUMMARY ===
╭─────────┬──────────────────────────────────────────────────────────────╮
│ Type    │ Vulnerability                                                │
├─────────┼──────────────────────────────────────────────────────────────┤
│ 🔴 VULN │ Embed token can be generated for: Quarterly_Summary          │
│ 🔴 VULN │ Dataset executed without error or RLS: FinancialsDataset     │
│ 🔴 VULN │ Export job valid but PDF missing: Legacy_Budget (jobId: ...) │
╰─────────┴──────────────────────────────────────────────────────────────╯
======================================================================
REPORT LOGS
======================================================================
Quarterly_Summary.log
--------------------------------------------------
Report Name: Quarterly_Summary
Workspace: Finance_Dept
Group ID: GID-FIN-001
Report ID: RPT-123
Dataset ID: DS-456
EmbedTokenCheck: HTTP 200
EmbedToken: eyJ0eXAi...
Job ID: JOB-789
Legacy_Budget.log
--------------------------------------------------
Report Name: Legacy_Budget
Workspace: Finance_Dept
Group ID: GID-FIN-001
Report ID: RPT-LEG-333
Dataset ID: DS-LEGACY
EmbedTokenCheck: HTTP 200
EmbedToken: eyJ0eXAi...
Job ID: JOB-XYZ
Polling: 404 NOT FOUND
Salary_Overview.log
--------------------------------------------------
Report Name: Salary_Overview
Workspace: HR_Team
Group ID: GID-HR-002
Report ID: RPT-SAL
Dataset ID: DS-HR-02
EmbedTokenCheck: HTTP 200
Job ID: JOB-FAIL
Status: FAILED
======================================================================
AUDIT FINDINGS
======================================================================
[OK] Token context → service_principal=False, guest=False, admin=False
[INFO] Embed URL detected: https://app.powerbi.com/reportEmbed?reportId=...
[OK] Token subject explicitly in report ACL: Quarterly_Summary
[VULN] Embed token can be generated for: Quarterly_Summary
[VULN] Dataset executed without error or RLS: FinancialsDataset (cols: 24)
[OK] RLS roles defined for dataset: FinancialsDataset
[OK] RLS enforcement confirmed: FinancialsDataset
[VULN] Export job valid but PDF missing: Legacy_Budget (jobId: JOB-XYZ)
```
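An added example (not part of the project's code): a small parser for the `[OK]` / `[INFO]` / `[VULN]` lines of the AUDIT FINDINGS block that groups findings per report or dataset, so a reviewer can see where a `[VULN]` line sits next to a passing check for the same object and needs manual validation before it is reported. The function names and the `mixed` / `vuln-only` labels are assumptions made for this example; the sample lines follow the example output above.

```python
import re
from collections import defaultdict

# Constructed sample: finding lines in the format shown in the example report.
SAMPLE = """\
[OK] Token context → service_principal=False, guest=False, admin=False
[INFO] Embed URL detected: https://app.powerbi.com/reportEmbed?reportId=...
[OK] Token subject explicitly in report ACL: Quarterly_Summary
[VULN] Embed token can be generated for: Quarterly_Summary
[VULN] Dataset executed without error or RLS: FinancialsDataset (cols: 24)
[OK] RLS roles defined for dataset: FinancialsDataset
[OK] RLS enforcement confirmed: FinancialsDataset
[VULN] Export job valid but PDF missing: Legacy_Budget (jobId: JOB-XYZ)
"""

LINE_RE = re.compile(r"^\[(OK|INFO|VULN)\]\s+(.+)$")

def parse_findings(text):
    """Turn '[LEVEL] message: subject (detail)' lines into dicts."""
    findings = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # banner lines, blanks, anything that is not a finding
        level, body = match.groups()
        message, sep, rest = body.partition(": ")
        # Drop a trailing "(cols: 24)" / "(jobId: ...)" detail from the subject.
        subject = re.sub(r"\s*\([^)]*\)$", "", rest) if sep else ""
        findings.append({"level": level, "message": message, "subject": subject})
    return findings

def triage(findings):
    """Label each subject that has a VULN line: 'mixed' if it also has OK lines."""
    levels = defaultdict(set)
    for finding in findings:
        if finding["subject"]:
            levels[finding["subject"]].add(finding["level"])
    return {
        subject: ("mixed" if "OK" in seen else "vuln-only")
        for subject, seen in levels.items()
        if "VULN" in seen
    }

if __name__ == "__main__":
    for subject, verdict in triage(parse_findings(SAMPLE)).items():
        print(f"{verdict:9}  {subject}")
```

On the sample, `FinancialsDataset` comes back as `mixed` because it is reported both as executed "without error or RLS" and as having RLS enforcement confirmed.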
---
## Output Structure
- `reports//`: Exported report PDFs (if accessible)
- `dax//`: Dataset output in JSON format
- `logs//`: Detailed logs for each export
- `users.csv` / `users.json`: Workspace user listings (if enabled)
- `summary.txt`: Human-readable summary
- `full_output_summary.txt`: Full logs + findings
## Notes
- Tokens must be valid for the Power BI REST API. Microsoft Graph access (e.g., AAD group resolution) requires additional scopes but is optional.
- Export and DAX operations do not guarantee access; HTTP errors are logged and reported.
## ⚠️ Disclaimer
This tool is released for educational and authorized assessment purposes only.
It is always distributed as **Python source code**.
**⚠️ Beware of `.exe` versions: they are unofficial and potentially malicious.**
---
## 📫 Contact
GitHub: [nemmusu/powerbi-extractor](https://github.com/nemmusu/powerbi-extractor)