GraphRunner

Overview

GraphRunner is an open-source tool designed for Azure-based security assessments and automation. It leverages Microsoft Graph API, making it useful for conducting various tasks such as enumerating Azure resources, detecting misconfigurations, and automating security operations. It is particularly helpful for red and blue teams in gathering detailed information across Entra ID (formerly Azure AD), Microsoft 365, and other services that expose data through the Graph API.

Key Components

• Graph API Automation: Automates tasks via the Microsoft Graph API to pull detailed information about identities, groups, devices, and permissions.

• Security Audits: Identifies misconfigurations, such as excessive permissions or weak security policies.

• Incident Response: Helps automate workflows by retrieving forensic data across M365 services

Github Link

GitHub - dafthack/GraphRunner: A Post-exploitation Toolset for Interacting with the Microsoft Graph APIGitHub