
BlackCat is a PowerShell module designed to validate the security of Microsoft Azure. It provides a set of functions to identify potential security holes.

azurekid/blackcat

Languages & Tools

PowerShell

Important

Requirements:

  • PowerShell 7.0 or higher (Windows PowerShell 5.1 is NOT supported)
  • Az.Accounts module

PowerShell Module

BlackCat Module Overview

description: >
    BlackCat is a PowerShell module designed to validate the security of Microsoft Azure environments.
    It provides a set of functions to identify potential security risks and ensure compliance with best practices.

target_scope: >
    The module focuses on analyzing and validating configurations within Microsoft Azure environments.

note: >
    The module will be published to the PowerShell Gallery once it has been signed and is ready for release.
    Please note that the author is not responsible for any misuse of this module. It is intended solely for
    detecting security risks within the defined scope.

Running from Codespaces

running_from_codespace:
    description: >
        To run the BlackCat module from a GitHub Codespace, follow these steps:

        1. Click the `Code` button and select `Create codespace on main`.

        2. Once the Codespace is ready, open the terminal.

        3. The pwsh terminal already has the BlackCat module activated.


Installing from PSGallery

PS> Install-Module BlackCat && Import-Module BlackCat

Installing the Module locally

PS> git clone https://github.com/azurekid/blackcat.git
PS> cd blackcat
PS> Import-Module ./blackcat.psd1
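
A preflight for the local install above, written for this page as an added example and not part of the BlackCat project: it checks the two stated requirements, inventories the cloned script files (signature status on Windows, SHA-256 hashes everywhere), and only then imports the module. It assumes the current directory is the cloned repository root; the output file name and the list of state-changing verbs are choices made for this example.

```powershell
# Added example, not BlackCat project code.
# Assumption: the current directory is the cloned repository root.
$ErrorActionPreference = 'Stop'
$root     = (Get-Location).Path
$manifest = Join-Path $root 'blackcat.psd1'

# README requirement: PowerShell 7.0 or higher.
if ($PSVersionTable.PSVersion.Major -lt 7) {
    throw "PowerShell 7.0+ is required, found $($PSVersionTable.PSVersion)."
}

# README requirement: the Az.Accounts module.
if (-not (Get-Module -ListAvailable -Name Az.Accounts)) {
    throw 'Az.Accounts is not installed.'
}

# Read the manifest as data only; no module code is executed at this point.
$data = Import-PowerShellDataFile -Path $manifest
Write-Host "Manifest declares version $($data.ModuleVersion)"

# Inventory every script file that importing the module could load.
$files = @(Get-ChildItem -Path $root -Recurse -File -Include '*.ps1', '*.psm1', '*.psd1')

if ($IsWindows) {
    # Get-AuthenticodeSignature is only available on Windows.
    $notValid = @($files | Get-AuthenticodeSignature | Where-Object Status -ne 'Valid')
    if ($notValid.Count -gt 0) {
        Write-Warning "$($notValid.Count) of $($files.Count) files have no valid signature."
    }
}

# On any platform, record SHA-256 hashes so a later 'git pull' can be compared.
$hashFile = Join-Path ([IO.Path]::GetTempPath()) 'blackcat-hashes.csv'   # example path
$files | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path $hashFile -NoTypeInformation

# Import, then flag exported commands whose verb suggests they modify the tenant.
$module = Import-Module $manifest -PassThru
$changesState = 'Set', 'Add', 'New', 'Remove', 'Copy'   # assumption of this example
$module.ExportedCommands.Values |
    Sort-Object Verb, Name |
    Select-Object Name, @{ n = 'ChangesState'; e = { $_.Verb -in $changesState } } |
    Format-Table -AutoSize
```

The final table separates read-only enumeration commands from those that write to the tenant, which is useful when agreeing the scope of an assessment before running anything.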

Using Help

documentation: >
    Work in progress, but all functions have documentation in the files
    Get-Help Get-RoleAssignments

Function Categories (MITRE ATT&CK Aligned)

credential_access:
    description: Functions for extracting credentials and secrets
    functions:
        - Get-KeyVaultSecret
        - Get-StorageAccountKey

discovery:
    description: Functions for enumerating Azure/Entra ID resources (authenticated)
    functions:
        - Get-AdministrativeUnit
        - Get-EntraInformation
        - Get-EntraIDPermissions
        - Get-EntraRoleMember
        - Get-ManagedIdentity
        - Get-RoleAssignment
        - Get-StorageContainerList
        - Find-EntraPermissionHolder
        - Find-AzurePermissionHolder

exfiltration:
    description: Functions for extracting data from Azure resources
    functions:
        - Export-AzAccessToken
        - Get-FileShareContent
        - Get-PublicBlobContent

reconnaissance:
    description: Functions for external/unauthenticated enumeration
    functions:
        - Find-AzurePublicResource
        - Find-SubDomain
        - Find-DnsRecords
        - Find-PublicStorageContainer
        - Test-DomainRegistration

persistence:
    description: Functions for maintaining access
    functions:
        - Set-FederatedIdentity
        - Set-ManagedIdentityPermission
        - Set-ServicePrincipalCredential
        - Add-GroupObject

resource_development:
    description: Functions for creating attack infrastructure
    functions:
        - Add-EntraApplication
        - Connect-ServicePrincipal
        - Copy-PrivilegedUser

Backlog

description: >
    The backlog contains a list of planned features, enhancements, and bug fixes for the project.
    You can track the progress and upcoming tasks by visiting the project's backlog page.

    ⬇️

Project Backlog


Feedback & Contributions

feedback_and_contributions:
    description: >
        Support and feedback are greatly appreciated. If you would like to
        see specific features or have suggestions for improvement, please use the Issue forms 
        available in the repository.
        
        Your input helps shape the future of this project.

        Contributions are welcome! To contribute:
            - Fork the repository to your GitHub account.
            - Create a new branch for your feature or bug fix.
            - Make your changes, ensuring they align with the project's coding standards.
            - Test your changes thoroughly.
            - Submit a pull request with a clear description of your changes.

        Please ensure that your contributions adhere to the project's code of conduct. 
        For more details, refer to the CONTRIBUTING.md file in the repository.
