Stormspotter is an Azure Red Team tool to graph Azure and Azure AD objects.
By mapping out relationships between objects, Stormspotter visualises attack paths between Azure objects.
Stormspotter currently only supports Neo4j 3.x.x.
I recommend setting image: neo4j:3.5.18 in your docker-compose.yml.
- Docker Compose
- Python 3.8.X
- Az PowerShell
Install via Docker to avoid installing the dependencies manually.
The docker-compose file creates three containers:
git clone https://github.com/Azure/Stormspotter
cd Stormspotter
docker-compose up -d
Stormspotter Frontend will expose a WebUI on port 9091.
Neo4j will be exposed on port 7474 (HTTP) and 7687 (Bolt).
Default credentials are specified in the docker-compose file. These should be changed.
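A pre-flight check for the three points above (the Neo4j 3.x pin, the published ports, the default credentials), added here as an example; it is not part of the original page or of the Stormspotter project. The compose fragments are constructed samples rather than Stormspotter's own file, NEO4J_AUTH is the credential variable of the official Neo4j image, and the weak-password list and the loopback-only binding are assumptions of this example.

```python
import re

# Ports named on this page: WebUI 9091, Neo4j HTTP 7474, Neo4j Bolt 7687.
STORMSPOTTER_PORTS = {"9091", "7474", "7687"}
# Assumption of this example: passwords treated as unchanged defaults.
WEAK_PASSWORDS = {"password", "neo4j", "changeme"}

IMAGE_RE = re.compile(r"^\s*image:\s*[\"']?neo4j:([\w.\-]+)")
AUTH_RE = re.compile(r"NEO4J_AUTH\s*[:=]\s*[\"']?([^\s\"']+)")
# Compose short port syntax: [HOST_IP:]HOST_PORT:CONTAINER_PORT
PORT_RE = re.compile(
    r"^\s*-\s*[\"']?(?:(\d{1,3}(?:\.\d{1,3}){3}):)?(\d+):(\d+)[\"']?\s*$")

# Constructed samples, not Stormspotter's real docker-compose file.
SAMPLE_WEAK = """\
services:
  frontend:
    ports:
      - "9091:9091"
  neo4j:
    image: neo4j:latest
    environment:
      NEO4J_AUTH: neo4j/password
    ports:
      - "7474:7474"
      - "7687:7687"
"""
SAMPLE_HARDENED = (SAMPLE_WEAK
    .replace('- "', '- "127.0.0.1:')          # publish on loopback only
    .replace("neo4j:latest", "neo4j:3.5.18")  # pin recommended on this page
    .replace("neo4j/password", "neo4j/${NEO4J_PASSWORD}"))  # from environment

def audit_compose(text):
    """Return (line number, finding, detail) tuples for a compose file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if m := IMAGE_RE.match(line):
            if not m.group(1).startswith("3."):
                findings.append((n, "neo4j-not-3.x", m.group(1)))
        elif m := AUTH_RE.search(line):
            user, _, password = m.group(1).partition("/")
            if user == "none" or password in WEAK_PASSWORDS:
                findings.append((n, "weak-or-no-auth", user))
        elif m := PORT_RE.match(line):
            host_ip, _, port = m.groups()
            if port in STORMSPOTTER_PORTS and host_ip in (None, "0.0.0.0"):
                findings.append((n, "published-on-all-interfaces", port))
    return findings
```

Pass the text of your own docker-compose.yml to audit_compose before running docker-compose up -d; an empty list means none of the three conditions was found.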
- Download the relevant package from Stormspotter Releases
- Login via
az login --allow-no-subscriptions
- Execute the stormcollector pyz file to collect Azure objects.
cd stormcollector
python3 sscollector.pyz cli
Locate the output in the stormcollector folder with the pyz file.
Upload to StormCollector UI
Check logs in backend to see processing status