ROADtools
ROADtools copied to clipboard
dirkjanm
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Changed `getscope` to list all possible scope names from the `firstpartyscopes.json` when the `-s` or `--scope` flag is omitted. Compatible with all other flags like `--csv` and `--foci` as well
I Notice that there is method "Pass the Certificate" to move to other computer in AzureAD joined local AD. this tech need context and derivedkey from mimikatz. But mimikatz need...
Trying to use the browsercore method of PRT injection isn't working for me. The bctest.py works fine, but when the login loads, it still prompts for a username and password....
The proxy option currently expects an http/https proxy. In practice, I've found what I need is a socks proxy so I can tunnel my connection through an environment to get...
It seems that using the -k option doesn't keep the browser open for longer than about a minute. For instance... `roadtx browserprtauth -d ./geckodriver -k -url https://outlook.office.com --prt MC5[snip] --prt-sessionkey...
Yet another question (or maybe issue while running `roadrecon`) - sorry for being a bother! :) Are there any plans for adding support for `https://graph.microsoft.com` based enumeration? My use case...
When using the following command with a valid refresh token: `roadrecon auth --refresh-token "XXXX" -s "https://graph.windows.net/.default openid profile offline_access" -c c44b4083-3bb0-49c1-b47d-974e53cbdf3c` The server response with: "AADSTS9002327: Tokens issued for the...
After running roadrecon's bloodhound plugin it appears that the queries are no longer compatible with the latest version of BloodHound as lots of relationships are created in the backend, however...
## Intro I created a plugin that generates a report containing the per-user MFA status of every user in a given tenant, based in Conditional Access Policies instead of the...
