blacklanternsecurity
diff --git a/‎README.md‎
Lines changed: 12 additions & 1 deletion b/‎README.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎offensive_azure/Azure_AD/README.md‎
Lines changed: 127 additions & 13 deletions b/‎offensive_azure/Azure_AD/README.md‎
Lines changed: 127 additions & 13 deletions
@@ -27,7 +27,18 @@ Collection of offensive tools targeting Microsoft Azure written in Python to be
 - [`./Azure_AD/get_groups.py`](https://github.com/blacklanternsecurity/offensive-azure/tree/main/Azure_AD)
   - Takes in an access token or refresh token, outputs all groups in Azure AD and all available group properties in Microsoft Graph
   - Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
-
+- [`./Azure_AD/get_group_members.py`](https://github.com/blacklanternsecurity/offensive-azure/tree/main/Azure_AD)
+  - Takes in an access token or refresh token, outputs all group memberships in Azure AD and all available group member properties in Microsoft Graph
+  - Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
+- [`./Azure_AD/get_subscriptions.py`](https://github.com/blacklanternsecurity/offensive-azure/tree/main/Azure_AD)
+  - Takes in an ARM token or refresh token, outputs all subscriptions in Azure and all available subscription properties in Azure Resource Manager
+  - Creates three data files, a condensed json file, a raw json file, and a BloodHound compatible azgroups file
+- [`./Azure_AD/get_resource_groups.py`](https://github.com/blacklanternsecurity/offensive-azure/tree/main/Azure_AD)
+  - Takes in an ARM token or refresh token, outputs all resource groups in Azure and all available resource group properties in Azure Resource Manager
+  - Creates two data files, a raw json file, and a BloodHound compatible azgroups file
+- [`./Azure_AD/get_vms.py`](https://github.com/blacklanternsecurity/offensive-azure/tree/main/Azure_AD)
+  - Takes in an ARM token or refresh token, outputs all virtual machines in Azure and all available VM properties in Azure Resource Manager
+  - Creates two data files, a raw json file, and a BloodHound compatible azgroups file
 # Installation
 
 Offensive Azure can be installed in a number of ways or not at all. 
 
@@ -2,29 +2,143 @@
 
 This set of modules are meant for targetting Azure AD data. Each module will output a set of data files for further analysis. Support is provided for bloodhound compatible data files in each module. Microsoft is deprecating the use of the Azure AD Graph API on June 30 2022. So, these modules are not going to use any of the now deprecated API calls. Rather, they will be using other available APIs including the currently supported Microsoft Graph API.
 
-## get_groups.py
+## General Functionality
 
-This module uses the Microsoft Graph API to request all groups present within Azure AD. It requires an ms_graph token or a refresh token to be supplied as an argument, or a refresh token supplied as an environment variable `REFRESH_TOKEN`. This module will output a condensed set of results to stdout. Additionally, the module will create three data files. One condensed data json file, one raw json output file, and one file compatible for use with BloodHound.
+Each of these modules will output a set of files. All include a raw json response file and a bloodhound compatible json file. Some include a condensed json output file. Usage of these modules is flexible. You may supply the required access token, or a refresh token via script arguments. You may also define an envrionment variable that contains a refresh token. This is the recommended way, and each module will handle the token requests to get the appropriate access token type.
 
-## get_users.py
+## Installation
 
-This module uses the Microsoft Graph API to request all users present within Azure AD. It requires an ms_graph token or a refresh token to be supplied as an argument, or a refresh token supplied as an environment varialbe `REFRESH_TOKEN`. This module will output a condensed set of results to stdout. Additionally, the module will create three data files. One condensed data json file, one raw json output file, and one file compatible for use with BloodHound.
+```bash
+git clone https://github.com/blacklanternsecurity/offensive-azure.git
+cd ./offensive-azure/Azure_AD/
+pipenv shell
+pip install -r requirements.txt
+```
 
-The module attempts to pull all available properties as defined in the Microsoft Graph documentation, not just the default properties.
+## get_vms Usage
 
-## get_tenant.py
+```bash
+usage: get_vms.py [-t|--arm_token <arm_token>] [-r|--refresh_token <refresh_token>]
 
-This module uses a combination of access token and public endpoints to gather the tenant ID and tenant name (Federation Brand Name). It requires that an access token or a refresh token is supplied as arguments. If neither are supplied, the module will also check for the `REFRESH_TOKEN` variable and use it to request a valid access token.
+        ==========================================================
+        #                                                        #
+        #  Uses Azure Resource Management API to pull a full     #
+        #  list of virtual machines.                             #
+        #                                                        #
+        #  If no ARM token or refresh_token is supplied,         #
+        #  module will look in the REFRESH_TOKEN environment     #
+        #  variable and request the ARM token                    #
+        #                                                        #
+        #  Outputs a raw json output file, and a json file       #
+        #  compatible with BloodHound                            #
+        #                                                        #
+        ==========================================================
 
-The module will output two data files. One text file containing the tenant ID and tenant name. Second a JSON file compatible for use with BloodHound.
+optional arguments:
+  -h, --help            show this help message and exit
+  -t <arm_token>, --arm_token <arm_token>
+                        The ARM token you would like to use
+  -r <refresh_token>, --refresh_token <refresh_token>
+                        The refresh token you would like to use
+  -R <refresh_token_file>, --refresh_token_file <refresh_token_file>
+                        A JSON file saved from token_juggle.py containing the refresh token you would like to use.
+  -o <path>, --outfile_path <path>
+                        The path of where you want the virtual machine data saved. If not supplied, module defaults to the current directory.
+```
 
-## Installation
+## get_resource_groups Usage
 
 ```bash
-git clone https://github.com/blacklanternsecurity/offensive-azure.git
-cd ./offensive-azure/Azure_AD/
-pipenv shell
-pip install -r requirements.txt
+usage: get_resource_groups.py [-t|--arm_token <arm_token>] [-r|--refresh_token <refresh_token>]
+
+        ==========================================================
+        #                                                        #
+        #  Uses Azure Resource Management API to pull a full     #
+        #  list of resource groups.                              #
+        #                                                        #
+        #  If no ARM token or refresh_token is supplied,         #
+        #  module will look in the REFRESH_TOKEN environment     #
+        #  variable and request the ARM token                    #
+        #                                                        #
+        #  Outputs a raw json output file, and a json file       #
+        #  compatible with BloodHound                            #
+        #                                                        #
+        ==========================================================
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -t <arm_token>, --arm_token <arm_token>
+                        The ARM token you would like to use
+  -r <refresh_token>, --refresh_token <refresh_token>
+                        The refresh token you would like to use
+  -R <refresh_token_file>, --refresh_token_file <refresh_token_file>
+                        A JSON file saved from token_juggle.py containing the refresh token you would like to use.
+  -o <path>, --outfile_path <path>
+                        The path of where you want the resource group data saved. If not supplied, module defaults to the current directory.
+```
+
+## get_subscriptions Usage
+
+```bash
+usage: get_subscriptions.py [-t|--arm_token <arm_token>] [-r|--refresh_token <refresh_token>]
+
+        ==========================================================
+        #                                                        #
+        #  Uses Azure Resource Management API to pull a full     #
+        #  list of subscriptions.                                #
+        #                                                        #
+        #  If no ARM token or refresh_token is supplied,    #
+        #  module will look in the REFRESH_TOKEN environment     #
+        #  variable and request the ARM token                    #
+        #                                                        #
+        #  Outputs condensed results in a text file, a raw json  #
+        #  output file, and a json file compatible with          #
+        #  BloodHound                                            #
+        #                                                        #
+        ==========================================================
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -t <arm_token>, --arm_token <arm_token>
+                        The ARM token you would like to use
+  -r <refresh_token>, --refresh_token <refresh_token>
+                        The refresh token you would like to use
+  -R <refresh_token_file>, --refresh_token_file <refresh_token_file>
+                        A JSON file saved from token_juggle.py containing the refresh token you would like to use.
+  -o <path>, --outfile_path <path>
+                        The path of where you want the subscription data saved. If not supplied, module defaults to the current directory.
+```
+
+## get_group_members Usage
+
+```bash
+usage: get_group_members.py [-t|--graph_token <graph_token>] [-r|--refresh_token <refresh_token>]
+
+        ==========================================================
+        #                                                        #
+        #  Uses the Microsoft Graph API to pull a full list of   #
+        #  user group membership details.                        #
+        #                                                        #
+        #  If no ms_graph token or refresh_token is supplied,    #
+        #  module will look in the REFRESH_TOKEN environment     #
+        #  variable and request the ms_graph token               #
+        #                                                        #
+        #  Outputs condensed results in a text file, a raw json  #
+        #  output file, and a json file compatible with          #
+        #  BloodHound                                            #
+        #                                                        #
+        ==========================================================
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -t <graph_token>, --graph_token <graph_token>
+                        The ms_graph token you would like to use
+  -r <refresh_token>, --refresh_token <refresh_token>
+                        The refresh token you would like to use
+  -R <refresh_token_file>, --refresh_token_file <refresh_token_file>
+                        A JSON file saved from token_juggle.py containing the refresh token you would like to use.
+  -o <path>, --outfile_path <path>
+                        The path of where you want the group membership data saved. If not supplied, module defaults to the current directory.
 ```
 
 ## get_groups Usage