SharpGraphView: Microsoft Graph API post-exploitation toolkit
SharpGraphView
Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations.
Methods
Auth Methods:
Command | Description |
---|---|
Get-GraphTokens | Get graph token via device code phish (saved to graph_tokens.txt) |
Get-TenantID -Domain <domain> | Get tenant ID for target domain |
Get-TokenScope -Token <token> | Get scope for the supplied token |
Invoke-RefreshToMSGraphToken -Token <refresh> -Tenant <id> | Convert refresh token to Microsoft Graph token (saved to new_graph_tokens.txt) |
Invoke-RefreshToAzureManagementToken -Token <refresh> -Tenant <id> | Convert refresh token to Azure Management token (saved to az_tokens.txt) |
Invoke-RefreshToVaultToken -Token <refresh> | Convert refresh token to Azure Vault token (saved to vault_tokens.txt) |
Invoke-CertToAccessToken -Cert <path to pfx> -ID <app id> -Tenant <id> | Convert Azure Application certificate to JWT access token |
New-SignedJWT -ID <appid> -Tenant <id> -Query <vault URL> -key <vault key> -Token <vault token> | Construct JWT and sign using Key Vault certificate (Azure Key Vault access token required) then generate Azure Management (ARM) token |
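The auth methods above boil down to three unauthenticated or token-only operations: mapping a domain to its tenant GUID (Get-TenantID), reading the claims of a token you already hold (Get-TokenScope), and posting a refresh token back to the token endpoint for a different resource (the Invoke-RefreshTo* methods). The Python below is an added example, not SharpGraphView's own C# code, that performs those steps offline. The OpenID configuration document and the JWT are constructed samples, and CLIENT_ID is a placeholder, not the client the tool uses.

```python
"""Added example (Python, not SharpGraphView's C#): the mechanics behind
Get-TenantID, Get-TokenScope and the Invoke-RefreshTo* methods, kept offline.
The OpenID configuration and the JWT below are constructed samples; CLIENT_ID
is a placeholder, not the client SharpGraphView uses."""
import base64
import json
import re
import time
from urllib.parse import urlencode

LOGIN = "https://login.microsoftonline.com"
GRAPH_RESOURCE = "https://graph.microsoft.com"      # Invoke-RefreshToMSGraphToken
ARM_RESOURCE = "https://management.azure.com"       # Invoke-RefreshToAzureManagementToken
VAULT_RESOURCE = "https://vault.azure.net"          # Invoke-RefreshToVaultToken
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder (assumption)
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"  # constructed

GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def openid_config_url(domain: str) -> str:
    """Unauthenticated endpoint that maps a verified domain to its tenant."""
    return f"{LOGIN}/{domain}/v2.0/.well-known/openid-configuration"


def tenant_id_from_openid_config(body: str) -> str:
    """Get-TenantID: the tenant GUID is embedded in the token_endpoint URL."""
    cfg = json.loads(body)
    match = GUID_RE.search(cfg["token_endpoint"])
    if not match:
        raise ValueError("token_endpoint carries no tenant GUID")
    return match.group(0).lower()


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying its signature.
    Fine for inspecting a token you hold; never use this to trust one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def token_scope(token: str, now=None) -> dict:
    """Get-TokenScope: audience, tenant, delegated scopes (scp), app roles
    (roles) and expiry. Delegated tokens carry scp; tokens issued to an
    application (client credentials, certificate) carry roles instead."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    return {
        "aud": claims.get("aud"),
        "tid": claims.get("tid"),
        "scp": sorted(claims["scp"].split()) if claims.get("scp") else [],
        "roles": sorted(claims.get("roles", [])),
        "expired": claims.get("exp", 0) <= now,
    }


def refresh_token_request(refresh_token: str, tenant_id: str,
                          resource: str = GRAPH_RESOURCE,
                          client_id: str = CLIENT_ID) -> tuple:
    """Build the token-endpoint POST that redeems a refresh token for an access
    token scoped to `resource`. The ARM and Key Vault variants are the same
    exchange with a different resource; whether a given refresh token may be
    redeemed for another resource depends on the client it was issued to."""
    url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
        "scope": f"{resource}/.default offline_access",
    })
    return url, body


# --- constructed samples so the file runs without a tenant ------------------
SAMPLE_OPENID_CONFIG = json.dumps({
    "token_endpoint": f"{LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "issuer": f"{LOGIN}/{SAMPLE_TENANT}/v2.0",
})


def make_unsigned_sample_token(claims: dict) -> str:
    """Construct an unsigned JWT (alg=none, empty signature) for offline tests."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


SAMPLE_TOKEN = make_unsigned_sample_token({
    "aud": GRAPH_RESOURCE, "tid": SAMPLE_TENANT,
    "scp": "User.Read Mail.Read", "exp": 4102444800,  # 2100-01-01, constructed
})

if __name__ == "__main__":
    print(tenant_id_from_openid_config(SAMPLE_OPENID_CONFIG))
    print(token_scope(SAMPLE_TOKEN))
    print(refresh_token_request("<refresh>", SAMPLE_TENANT, ARM_RESOURCE))
```

Checking `scp` before running any post-auth method saves a round of 403s: a Graph token with only `User.Read` will not serve Get-Messages or Find-PrivilegedRoleUsers no matter which roles the account holds, because both the token's scopes and the account's directory roles have to allow the call.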
Post-Auth Methods:
All methods are subject to the roles and permissions assigned to the account whose token is supplied.
- The `-token` flag is REQUIRED for all post-authentication methods.
- Flags in square brackets below are optional arguments. Flags without brackets are REQUIRED.
Method | Description |
---|---|
Get-CurrentUser | Get current user profile |
Get-CurrentUserActivity | Get recent activity and actions of current user |
Get-OrgInfo | Get information relating to the target organization |
Get-Domains | Get domain objects |
Get-User [-ID <userid/upn>] | Get all users (default) or target user (-id) |
Get-UserProperties [-ID <userid/upn>] | Get current user properties (default) or target user (-id). WARNING: loud/slow, because requesting properties in groups produces 403 errors for each group the token cannot read |
Get-UserGroupMembership [-ID <userid/upn>] | Get group memberships for current user (default) or target user (-id) |
Get-UserTransitiveGroupMembership [-ID <userid/upn>] | Get transitive group memberships for current user (default) or target user (-id) |
Get-Group [-ID <groupid>] | Get all groups (default) or target group (-id) |
Get-GroupMember -ID <groupid> | Get all members of target group |
Get-AppRoleAssignments [-ID <userid/upn>] | Get application role assignments for current user (default) or target user (-id) |
Get-ConditionalAccessPolicy -ID <cap id> | Get conditional access policy properties |
Get-PersonalContacts | Get contacts of the current user |
Get-CrossTenantAccessPolicy | Get cross tenant access policy properties |
Get-PartnerCrossTenantAccessPolicy | Get partner cross tenant access policy |
Get-UserChatMessages -ID <userid/upn> | Get all messages from all chats for target user |
Get-AdministrativeUnitMember -ID <admin unit id> | Get members of administrative unit |
Get-OneDriveFiles [-ID <userid/upn>] | Get all accessible OneDrive files for current user (default) or target user (-id) |
Get-UserPermissionGrants [-ID <userid/upn>] | Get permissions grants of current user (default) or target user (-id) |
Get-oauth2PermissionGrants [-ID <userid/upn>] | Get oauth2 permission grants for current user (default) or target user (-id) |
Get-Messages [-ID <userid/upn>] | Get all messages in signed-in user’s mailbox (default) or target user (-id) |
Get-TemporaryAccessPassword [-ID <userid/upn>] | Get TAP details for current user (default) or target user (-id) |
Get-Password [-ID <userid/upn>] | Get passwords registered to current user (default) or target user (-id) |
List-AuthMethods [-ID <userid/upn>] | List authentication methods for current user (default) or target user (-id) |
List-DirectoryRoles | List all directory roles activated in the tenant |
List-Notebooks [-ID <userid/upn>] | List current user notebooks (default) or target user (-id) |
List-ConditionalAccessPolicies | List conditional access policy objects |
List-ConditionalAuthenticationContexts | List conditional access authentication context |
List-ConditionalNamedLocations | List conditional access named locations |
List-SharePointRoot | List root SharePoint site properties |
List-SharePointSites | List any available SharePoint sites |
List-ExternalConnections | List external connections |
List-Applications | List all Azure Applications |
List-ServicePrincipals | List all service principals |
List-Tenants | List tenants |
List-JoinedTeams [-ID <userid/upn>] | List joined teams for current user (default) or target user (-id) |
List-Chats [-ID <userid/upn>] | List chats for current user (default) or target user (-id) |
List-Devices | List devices |
List-AdministrativeUnits | List administrative units |
List-OneDrives [-ID <userid/upn>] | List current user OneDrive (default) or target user (-id) |
List-RecentOneDriveFiles | List current users recent OneDrive files |
List-SharedOneDriveFiles | List OneDrive files shared with the current user |
Invoke-Search -Search <string> -Entity <entity> | Search for string within entity type (driveItem, message, chatMessage, site, event) |
Find-PrivilegedRoleUsers | Find users with privileged roles assigned |
Invoke-CustomQuery -Query <graph endpoint URL> | Custom GET query to target Graph API endpoint e.g. https://graph.microsoft.com/v1.0/me |
Update-UserPassword -ID <userid/upn> | Update the passwordProfile of the target user (sets the password to NewUserS3cret@Pass!) |
Add-ApplicationPassword -ID <appid> | Add client secret to target application |
Add-UserTAP -ID <userid/upn> | Add new Temporary Access Password (TAP) to target user |
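Two mechanics sit under most of the post-auth methods: Graph collections are paged, so a single custom query such as Invoke-CustomQuery returns only the first page unless `@odata.nextLink` is followed, and Find-PrivilegedRoleUsers has to join `directoryRoles` to each role's `members`, with a 403 on one role meaning the token is allowed to see the role but not its membership. The Python below is an added example, not SharpGraphView's own code, showing both. The transport is injected so it runs offline against constructed responses; the IDs, UPNs and names in the sample data are made up, while the `roleTemplateId` values are the well-known Entra role template GUIDs.

```python
"""Added example (Python, not SharpGraphView's code): @odata.nextLink paging
(Invoke-CustomQuery, the List-* methods) and directoryRoles -> members joining
(Find-PrivilegedRoleUsers), with per-role 403s recorded instead of aborting.
Sample responses are constructed; only the roleTemplateId GUIDs are real."""
import json
import urllib.error
import urllib.request
from typing import Callable, Iterator

GRAPH = "https://graph.microsoft.com/v1.0"

# Well-known roleTemplateId values: stable across tenants, unlike displayName.
PRIVILEGED_ROLE_TEMPLATES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
}

Fetch = Callable[[str], tuple]  # url -> (status, parsed JSON body)


class GraphError(Exception):
    def __init__(self, status: int, url: str, body: dict):
        code = body.get("error", {}).get("code")
        super().__init__(f"{status} {url}: {code}")
        self.status, self.url, self.body = status, url, body


def live_fetch(token: str) -> Fetch:
    """Real transport: GET with the bearer token the -token flag supplies."""
    def fetch(url: str):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, json.load(err)
    return fetch


def graph_get_all(fetch: Fetch, url: str) -> Iterator[dict]:
    """Yield every item of a Graph collection, following @odata.nextLink
    until the server stops sending one."""
    while url:
        status, body = fetch(url)
        if status != 200:
            raise GraphError(status, url, body)
        yield from body.get("value", [])
        url = body.get("@odata.nextLink")


def find_privileged_role_users(fetch: Fetch) -> dict:
    """Members of activated privileged roles. Members may be users or service
    principals, so the @odata.type is kept. A 403 on one role is recorded under
    'denied' and enumeration continues; every denied call is still a request
    the tenant saw, which is why this kind of enumeration is loud."""
    result = {"members": [], "denied": []}
    for role in graph_get_all(fetch, f"{GRAPH}/directoryRoles"):
        if role.get("roleTemplateId") not in PRIVILEGED_ROLE_TEMPLATES:
            continue
        try:
            for m in graph_get_all(fetch, f"{GRAPH}/directoryRoles/{role['id']}/members"):
                result["members"].append({
                    "role": role["displayName"],
                    "type": m.get("@odata.type", "").rsplit(".", 1)[-1],
                    "id": m["id"],
                    "name": m.get("userPrincipalName") or m.get("displayName"),
                })
        except GraphError as err:
            if err.status != 403:
                raise
            result["denied"].append(role["displayName"])
    return result


# --- constructed sample responses keyed by URL (made-up IDs and names) -----
SAMPLE_RESPONSES = {
    f"{GRAPH}/directoryRoles": (200, {
        "value": [
            {"id": "role-ga", "displayName": "Global Administrator",
             "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"},
            {"id": "role-dr", "displayName": "Directory Readers",
             "roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"},
        ],
        "@odata.nextLink": f"{GRAPH}/directoryRoles?$skiptoken=page2",
    }),
    f"{GRAPH}/directoryRoles?$skiptoken=page2": (200, {"value": [
        {"id": "role-pra", "displayName": "Privileged Role Administrator",
         "roleTemplateId": "e8611ab8-c189-46e8-94e1-60213ab1f814"},
    ]}),
    f"{GRAPH}/directoryRoles/role-ga/members": (200, {"value": [
        {"@odata.type": "#microsoft.graph.user", "id": "u1",
         "userPrincipalName": "admin@contoso.example"},
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp1",
         "displayName": "automation-sp"},
    ]}),
    f"{GRAPH}/directoryRoles/role-pra/members": (403, {"error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation."}}),
}


def sample_fetch(url: str):
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(json.dumps(find_privileged_role_users(sample_fetch), indent=2))
```

Swapping `sample_fetch` for `live_fetch(token)` runs the same logic against a real tenant with whatever the supplied token allows; matching on `roleTemplateId` rather than `displayName` keeps the privileged-role check working in tenants whose role names are localized.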