GraphRunner

About

GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data from a Microsoft Entra ID (Azure AD) account.

It consists of three separate parts:

• A PowerShell script where the majority of modules are located

• An HTML GUI that can leverage an access token to navigate and pillage a user's account

• A simple PHP redirector for harvesting authentication codes during an OAuth flow

Links

Github

https://github.com/dafthack/GraphRunner/wiki/Authentication

https://www.blackhillsinfosec.com/introducing-graphrunner/

Usage

cd C:\Toolz\Graphrunner-main
Import-Module .\GraphRunner.ps1
Get-GraphTokens # login on with URL / Code
Invoke-GraphRunner -Tokens $tokens
Invoke-SearchSharePointAndOneDrive -tokens $Tokens