1 | | - | # BlueMap - Azure Exploitation Toolkit |
| 1 | + | ### BlueMap: An Interactive Exploitation Toolkit for Azure |
2 | 2 | | |
3 | | - | # About BlueMap & Motivation |
| 3 | + | BlueMap helps penetration testers and red teamers to perform Azure auditing, discovery & enumeration, and exploitation in interactive mode that saves complex opsec and overhead that usually exists in Azure penetration testing engagements. |
4 | 4 | | |
5 | | - | BlueMap helps cloud red teamers and security researchers identify IAM misconfigurations, information gathering, and abuse of managed identities in interactive mode without ANY third-party dependencies. No more painful installations on the customer's environment, No more need to custom the script to avoid SIEM detection! |
| 5 | + | The tool is currently in the Alpha version and with initial capabilities, but it will evolve with time :) |
6 | 6 | | |
7 | | - | The tool leaves minimum traffic in the network logs so it can help during red team engagements from on-prem to the cloud. Developed in Python and implemented all Azure integrations from scratch with zero dependencies on Powershell stuff. The idea behind the tool is to let security researchers and red team members the ability to focus on more Opsec rather than DevOps stuff. |
| 7 | + | ### Motivation |
8 | 8 | | |
9 | | - | The tool is currently in the Alpha version and with initial capabilities, but it will evolve with time :) |
| 9 | + | During cloud engagements, a red teamer and pentester need to use different tools (primarily based on Powershell), which require third-party dependencies such as Az Module and similar for practical exploitation. BlueMap helps cloud red teamers and security researchers identify IAM misconfigurations, information gathering, and abuse of managed identities in interactive mode without ANY third-party dependencies. No more painful installations on the customer's environment. |
| 10 | + | Developed in Python and implemented all Azure integrations from scratch. The idea behind the tool is to let security researchers and red team members have the ability to focus on more Opsec to bring practical results. |
10 | 11 | | |
11 | | - | # Supported Capabilities |
| 12 | + | ### Installation |
| 13 | + | |
| 14 | + | The up-to-date release can be downloaded by cloning the master branch from here. |
| 15 | + | |
| 16 | + | git clone https://github.com/SikretaLabs/BlueMap.git |
12 | 17 | | |
13 | | - | - Shadow Permissions Enumeration & IAM detailed scanner |
14 | | - | - Automation for Service Principles Exploit |
15 | | - | - App Service Attack surface detection |
16 | | - | - Token Convert automation for local/remote identities (i.e., Managed Identity) |
17 | | - | - Ability to connect remote/local identities |
18 | | - | - ARM Template Quick Analysis |
| 18 | + | BlueMap works out of the box with [Python](https://www.python.org/download/) version **3.x** and above on any platform. |
| 19 | + | For more information about installtion and other setup, please refer our wiki. |
19 | 20 | | |
20 | | - | TodoList: |
| 21 | + | ### License |
21 | 22 | | |
22 | | - | - Add WhoAmI feature to show local UPN + Role |
23 | | - | - Run Command on VM |
24 | | - | - Add support to extract stored password / information from automation accounts |
25 | | - | - Add support in Managed Identity in Reader/ExposedAppServiceApps (need to login as Azure Admin and set one up) |
26 | | - | - Detect of azureprofile.json ("Save-AzContext" as logged in Azure admin) |
27 | | - | - Add support in Blob enumeration (Microbrust like) |
28 | | - | - Add support to enumerate all Azure Container Registry |
29 | | - | - Add capability of parsing token/convert (to Graph etc.) |
30 | | - | - Add Azure Function App Support |
31 | | - | - Add Option to Read Vault Secrets |
32 | | - | - Add Option to View FW rules |
33 | | - | - Added Support for Password Spray |
34 | | - | - Add Option to Support Enumerate Owner for Enterprise Apps Only |
35 | | - | - Add Global Administrator or Intune Administrator Privilege: Add new PowerShell script to enrolled Intune devices |
36 | | - | - Add Support of Reset Password Functionality |
| 23 | + | BlueMap is distributed under MIT License |
37 | 24 | | |