
PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can perform both reconnaissance and exploitation of Azure.

Getting Started

An overview of Azure, Azure AD, and PowerZure is covered in my blog post: https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a

To get started with PowerZure, make sure the requirements are met. If you do not have the required modules, PowerZure will ask whether you’d like to install them automatically when you import PowerZure as a module. PowerZure requires an administrative PowerShell window running PowerShell version 5.0 or later. There is no advantage to running PowerZure on a compromised/pwned machine. Since you’re interacting with the cloud, it’s opsec safe to use from a bastion operating host, or if you’re feeling adventurous, your own host. Read the operational usage page here

Additionally, you must sign in to Azure before PowerZure functions are made available. To sign in, use the Azure CLI command

az login

If you are using functions that use the AzureAD module, you must additionally sign in with

Connect-AzureAD

If you are using functions that use the Azure PowerShell module, you must additionally sign in with

Connect-AzAccount

Check out the functions pages on the left to see which functions use which modules. The majority of PowerZure uses the az (Azure CLI) module.

Once you are signed in to Azure, you can import PowerZure:

ipmo C:\Path\To\Powerzure.ps1

Upon importing, it will list your current role and available subscriptions. From there, you can run

Get-Targets

to get a list of resources you have access to.
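A preflight check for the requirements and sign-in steps described above, as an added example that is not part of PowerZure. The function names New-Check and Test-PowerZurePrereq are hypothetical, and the script assumes Az.Accounts is the Az submodule that provides Connect-AzAccount.

```powershell
# Added example, not PowerZure code. New-Check and Test-PowerZurePrereq are hypothetical names.
function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

function Test-PowerZurePrereq {
    # Requirement from the page: PowerShell version 5.0 or later.
    $v = $PSVersionTable.PSVersion
    New-Check 'PowerShell >= 5.0' ($v.Major -ge 5) "Found $v"

    # Requirement from the page: an administrative (elevated) window.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Elevated session' $elevated "Running as $($id.Name)"

    # Azure CLI: present on PATH, and 'az login' already completed.
    $az = Get-Command az -ErrorAction SilentlyContinue
    New-Check 'Azure CLI on PATH' ($null -ne $az) "$($az.Source)"
    if ($az) {
        # 'az account show' exits non-zero when no login session exists.
        $acct = az account show --output json 2>$null | ConvertFrom-Json
        $ok = ($LASTEXITCODE -eq 0) -and ($null -ne $acct)
        $detail = if ($ok) { "$($acct.user.name) / subscription '$($acct.name)'" }
                  else { "Run 'az login'" }
        New-Check 'az signed in' $ok $detail
    }

    # Modules behind Connect-AzureAD and Connect-AzAccount.
    # Assumption: Az.Accounts is the Az submodule that ships Connect-AzAccount.
    foreach ($m in 'AzureAD', 'Az.Accounts') {
        $mod = Get-Module -ListAvailable -Name $m |
            Sort-Object Version -Descending | Select-Object -First 1
        $detail = if ($mod) { "Version $($mod.Version)" } else { 'Not installed' }
        New-Check "Module $m" ($null -ne $mod) $detail
    }
}

# Print one row per check; any row with Passed = False needs attention before importing.
Test-PowerZurePrereq | Format-Table -AutoSize
```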