Introduction
Stormspotter is an Azure Red Team tool to graph Azure and Azure AD objects.
By mapping out relationships between objects, Stormspotter visualises attack paths between Azure objects.
Stormspotter currently only supports Neo4j 3.x.x.
I recommend setting image: neo4j:3.5.18 in your docker-compose.yml.
Requirements
- Docker
- Docker Compose
- Python 3.8.X
- Az PowerShell
Installation
Install via Docker to avoid installing the dependencies manually.
The docker-compose file creates three containers:
- Frontend
- Backend
- Neo4j
git clone https://github.com/Azure/Stormspotter
cd Stormspotter
docker-compose up -d
Stormspotter Frontend will expose a WebUI on port 9091.
Neo4j will be exposed on port 7474 (HTTP) and 7687 (Bolt).
Default credentials are specified in the docker-compose file. These should be changed.
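A pre-flight check to run against docker-compose.yml before bringing the stack up, added here as an example (not part of the Stormspotter project). It flags a Neo4j image that is not 3.x, a missing or weak NEO4J_AUTH value, and the three ports above when published without a loopback address. The function names, the weak-password list, the sample file and the loopback check are assumptions of this example.

```shell
# Added example: pre-flight audit of a Stormspotter docker-compose.yml.
# Line-based checks (no YAML parser); assumes one setting per line.
# Prints space-separated finding codes; returns 0 only when there are none.
audit_compose() {
    content=$(cat "${1:--}")        # file argument, or stdin when omitted
    findings=""

    # 1. Neo4j image must carry a 3.x tag (Stormspotter only supports 3.x.x).
    tag=$(printf '%s\n' "$content" |
        sed -n 's/^[[:space:]]*image:[[:space:]]*"\{0,1\}neo4j:\{0,1\}\([^[:space:]"]*\).*/\1/p' |
        head -n 1)
    case $tag in
        3.*) ;;
        *) findings="$findings NEO4J_IMAGE" ;;
    esac

    # 2. NEO4J_AUTH must be set, not "none", not an obvious password (assumed list).
    auth=$(printf '%s\n' "$content" |
        sed -n 's/.*NEO4J_AUTH[=:][[:space:]]*"\{0,1\}\([^[:space:]"]*\).*/\1/p' |
        head -n 1)
    case ${auth#*/} in
        ""|none|password|neo4j|changeme) findings="$findings NEO4J_AUTH" ;;
    esac

    # 3. Ports 9091/7474/7687 published without a loopback bind address.
    if printf '%s\n' "$content" |
        grep -Eq '^[[:space:]]*-[[:space:]]*"?(0\.0\.0\.0:)?(9091|7474|7687):'; then
        findings="$findings PUBLIC_PORT"
    fi

    echo "${findings# }"
    [ -z "$findings" ]
}

# Constructed sample (not the project's actual compose file).
sample_compose() {
cat <<'EOF'
  neo4j:
    image: neo4j:latest
    environment:
      - NEO4J_AUTH=neo4j/password
    ports:
      - "7474:7474"
      - "127.0.0.1:7687:7687"
EOF
}

sample_compose | audit_compose || true   # prints: NEO4J_IMAGE NEO4J_AUTH PUBLIC_PORT
```

Run it as audit_compose docker-compose.yml from the Stormspotter directory; an empty result and exit status 0 mean none of the three conditions were found.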
Execution
Stormcollector
- Download the relevant package from Stormspotter Releases
- Log in via
az login --allow-no-subscriptions
- Execute the stormcollector pyz file to collect Azure objects.
cd stormcollector
python3 sscollector.pyz cli
Locate the output in the stormcollector folder with the pyz file.
Upload to StormCollector UI
Check logs in backend to see processing status
Complete. Enjoy!