SharpGraphView: Microsoft Graph API post-exploitation toolkit

SharpGraphView

SharpGraphView is a C# ("Sharp") post-exploitation toolkit that provides modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations.

Methods

Auth Methods:

| Command | Description |
| --- | --- |
| `Get-GraphTokens` | Get Graph token via device code phish (saved to graph_tokens.txt) |
| `Get-TenantID -Domain <domain>` | Get tenant ID for target domain |
| `Get-TokenScope -Token <token>` | Get scope for the supplied token |
| `Invoke-RefreshToMSGraphToken -Token <refresh> -Tenant <id>` | Convert refresh token to Microsoft Graph token (saved to new_graph_tokens.txt) |
| `Invoke-RefreshToAzureManagementToken -Token <refresh> -Tenant <id>` | Convert refresh token to Azure Management token (saved to az_tokens.txt) |
| `Invoke-RefreshToVaultToken -Token <refresh>` | Convert refresh token to Azure Key Vault token (saved to vault_tokens.txt) |
| `Invoke-CertToAccessToken -Cert <path to pfx> -ID <app id> -Tenant <id>` | Convert Azure Application certificate to JWT access token |
| `New-SignedJWT -ID <appid> -Tenant <id> -Query <vault URL> -key <vault key> -Token <vault token>` | Construct a JWT and sign it using a Key Vault certificate (Azure Key Vault access token required), then generate an Azure Management (ARM) token |
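Every command in the table above produces or consumes a bearer token, and the tokens are written to plain files (graph_tokens.txt, az_tokens.txt, vault_tokens.txt). When such a file turns up during incident response, the first triage question is what the token is good for: which tenant, which app, delegated or application flow, which scopes, and whether it is still live. The following added example (not part of SharpGraphView) decodes the claims of an access token without verifying its signature, which is exactly what `Get-TokenScope` reports, and flags any scope from an illustrative high-impact list. The sample token is constructed inline with a placeholder signature and placeholder tenant/app IDs; the `HIGH_IMPACT` set is an assumption to be replaced by your own review policy.

```python
import base64
import json
import time

# Illustrative list of Graph permissions that can change identity data or app
# credentials; an assumption for this example, extend it to your own policy.
HIGH_IMPACT = {
    "Directory.ReadWrite.All", "User.ReadWrite.All", "Application.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "UserAuthenticationMethod.ReadWrite.All",
}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore the padding first.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode())


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(token):
    """Return the payload claims of a compact JWS. No signature check: this is
    for triage of a token you already hold, not for accepting one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def summarize_token(token, now=None):
    """Summarize audience, tenant, app, flow type, scopes and expiry of a token."""
    claims = decode_claims(token)
    now = int(time.time()) if now is None else now
    scp = claims.get("scp")
    delegated = scp.split() if isinstance(scp, str) else []   # delegated scopes
    app_roles = claims.get("roles") or []                    # application permissions
    granted = set(delegated) | set(app_roles)
    exp = int(claims.get("exp", 0))
    return {
        "audience": claims.get("aud"),
        "tenant": claims.get("tid"),
        "app_id": claims.get("appid") or claims.get("azp"),
        "subject": claims.get("upn") or claims.get("oid"),
        "flow": "delegated" if delegated else "application",
        "scopes": sorted(granted),
        "high_impact": sorted(granted & HIGH_IMPACT),
        "expired": exp <= now,
        "seconds_to_expiry": exp - now,
    }


def make_sample_token(claims):
    """Build a token-shaped string for demonstration; the signature is a placeholder."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


# Constructed sample: placeholder tenant and app IDs, not real values.
SAMPLE_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "tid": "00000000-0000-0000-0000-000000000000",
    "appid": "11111111-1111-1111-1111-111111111111",
    "upn": "alice@contoso.example",
    "scp": "User.Read Mail.Read Directory.ReadWrite.All",
    "iat": 1_700_000_000,
    "exp": 1_700_003_600,
})

if __name__ == "__main__":
    print(json.dumps(summarize_token(SAMPLE_TOKEN), indent=2))
```

A token whose summary shows `high_impact` entries and a positive `seconds_to_expiry` should be treated as a live credential: revoke the refresh token for the subject and review the sign-in and Graph activity logs for that app ID and tenant.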

Post-Auth Methods:

All post-authentication methods are limited by the roles and permissions assigned to the account whose token is supplied.

  • The -Token flag is REQUIRED for all post-authentication methods.
  • Flags shown in square brackets below are optional arguments. Flags without brackets are REQUIRED.
| Method | Description |
| --- | --- |
| `Get-CurrentUser` | Get current user profile |
| `Get-CurrentUserActivity` | Get recent activity and actions of current user |
| `Get-OrgInfo` | Get information relating to the target organization |
| `Get-Domains` | Get domain objects |
| `Get-User [-ID <userid/upn>]` | Get all users (default) or target user (-ID) |
| `Get-UserProperties [-ID <userid/upn>]` | Get current user properties (default) or target user (-ID). !WARNING! loud/slow due to 403 errors when grouping properties |
| `Get-UserGroupMembership [-ID <userid/upn>]` | Get group memberships for current user (default) or target user (-ID) |
| `Get-UserTransitiveGroupMembership [-ID <userid/upn>]` | Get transitive group memberships for current user (default) or target user (-ID) |
| `Get-Group [-ID <groupid>]` | Get all groups (default) or target group (-ID) |
| `Get-GroupMember -ID <groupid>` | Get all members of target group |
| `Get-AppRoleAssignments [-ID <userid/upn>]` | Get application role assignments for current user (default) or target user (-ID) |
| `Get-ConditionalAccessPolicy -ID <cap id>` | Get conditional access policy properties |
| `Get-PersonalContacts` | Get contacts of the current user |
| `Get-CrossTenantAccessPolicy` | Get cross-tenant access policy properties |
| `Get-PartnerCrossTenantAccessPolicy` | Get partner cross-tenant access policy |
| `Get-UserChatMessages -ID <userid/upn>` | Get all messages from all chats for target user |
| `Get-AdministrativeUnitMember -ID <admin unit id>` | Get members of administrative unit |
| `Get-OneDriveFiles [-ID <userid/upn>]` | Get all accessible OneDrive files for current user (default) or target user (-ID) |
| `Get-UserPermissionGrants [-ID <userid/upn>]` | Get permission grants of current user (default) or target user (-ID) |
| `Get-oauth2PermissionGrants [-ID <userid/upn>]` | Get OAuth2 permission grants for current user (default) or target user (-ID) |
| `Get-Messages [-ID <userid/upn>]` | Get all messages in signed-in user's mailbox (default) or target user (-ID) |
| `Get-TemporaryAccessPassword [-ID <userid/upn>]` | Get TAP details for current user (default) or target user (-ID) |
| `Get-Password [-ID <userid/upn>]` | Get passwords registered to current user (default) or target user (-ID) |
| `List-AuthMethods [-ID <userid/upn>]` | List authentication methods for current user (default) or target user (-ID) |
| `List-DirectoryRoles` | List all directory roles activated in the tenant |
| `List-Notebooks [-ID <userid/upn>]` | List current user notebooks (default) or target user (-ID) |
| `List-ConditionalAccessPolicies` | List conditional access policy objects |
| `List-ConditionalAuthenticationContexts` | List conditional access authentication contexts |
| `List-ConditionalNamedLocations` | List conditional access named locations |
| `List-SharePointRoot` | List root SharePoint site properties |
| `List-SharePointSites` | List any available SharePoint sites |
| `List-ExternalConnections` | List external connections |
| `List-Applications` | List all Azure Applications |
| `List-ServicePrincipals` | List all service principals |
| `List-Tenants` | List tenants |
| `List-JoinedTeams [-ID <userid/upn>]` | List joined teams for current user (default) or target user (-ID) |
| `List-Chats [-ID <userid/upn>]` | List chats for current user (default) or target user (-ID) |
| `List-Devices` | List devices |
| `List-AdministrativeUnits` | List administrative units |
| `List-OneDrives [-ID <userid/upn>]` | List current user OneDrive (default) or target user (-ID) |
| `List-RecentOneDriveFiles` | List current user's recent OneDrive files |
| `List-SharedOneDriveFiles` | List OneDrive files shared with the current user |
| `Invoke-Search -Search <string> -Entity <entity>` | Search for string within entity type (driveItem, message, chatMessage, site, event) |
| `Find-PrivilegedRoleUsers` | Find users with privileged roles assigned |
| `Invoke-CustomQuery -Query <graph endpoint URL>` | Custom GET query to target Graph API endpoint, e.g. https://graph.microsoft.com/v1.0/me |
| `Update-UserPassword -ID <userid/upn>` | Update the passwordProfile of the target user (sets the password to NewUserS3cret@Pass!) |
| `Add-ApplicationPassword -ID <appid>` | Add client secret to target application |
| `Add-UserTAP -ID <userid/upn>` | Add new Temporary Access Password (TAP) to target user |
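Two things in the tables above give a defender a foothold. The initial access path is a device code phish (`Get-GraphTokens`), which Entra ID records as a sign-in with the device code protocol; and the three methods that change credentials rather than read data (`Update-UserPassword`, `Add-UserTAP`, `Add-ApplicationPassword`) each map onto a single Graph write endpoint. The note on `Get-UserProperties` that it is "loud" because of 403 errors is a third signal: one caller collecting a run of 403s across user objects is unusual for interactive use. The following added example (not part of SharpGraphView) runs those three rules over constructed sign-in and Graph activity records. Field names follow the Entra ID SignInLogs and MicrosoftGraphActivityLogs tables as assumed here; the endpoint-to-method mapping is this example's assumption about what the tool would have to call, and the 403 threshold is a tuning knob.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample records. Field names follow the Entra ID SignInLogs and
# MicrosoftGraphActivityLogs tables as assumed here; verify against your own
# workspace schema before turning this into a production rule.
SIGNIN_LOGS = [
    {"UserPrincipalName": "alice@contoso.example", "AppDisplayName": "Microsoft Office",
     "AuthenticationProtocol": "deviceCode", "IPAddress": "203.0.113.10", "ResultType": "0"},
    {"UserPrincipalName": "bob@contoso.example", "AppDisplayName": "Microsoft Office",
     "AuthenticationProtocol": "oAuth2", "IPAddress": "198.51.100.7", "ResultType": "0"},
]

GRAPH = "https://graph.microsoft.com/v1.0"
GRAPH_ACTIVITY_LOGS = [
    {"UserId": "u-alice", "RequestMethod": "GET", "ResponseStatusCode": 200,
     "RequestUri": f"{GRAPH}/me"},
    {"UserId": "u-alice", "RequestMethod": "PATCH", "ResponseStatusCode": 204,
     "RequestUri": f"{GRAPH}/users/u-bob"},
    {"UserId": "u-alice", "RequestMethod": "POST", "ResponseStatusCode": 201,
     "RequestUri": f"{GRAPH}/users/u-bob/authentication/temporaryAccessPassMethods"},
    {"UserId": "u-alice", "RequestMethod": "POST", "ResponseStatusCode": 200,
     "RequestUri": f"{GRAPH}/applications/app-1/addPassword"},
    {"UserId": "u-bob", "RequestMethod": "GET", "ResponseStatusCode": 200,
     "RequestUri": f"{GRAPH}/users/u-bob"},
] + [
    # A run of forbidden reads against other users' properties: the "403 noise"
    # the README itself warns that Get-UserProperties produces.
    {"UserId": "u-alice", "RequestMethod": "GET", "ResponseStatusCode": 403,
     "RequestUri": f"{GRAPH}/users/u-{n}?$select=onPremisesSecurityIdentifier"}
    for n in range(12)
]

# Graph write operations that change how an account or application authenticates.
# Each entry: HTTP method, regex over the URI path (query string stripped), label.
SENSITIVE_WRITES = [
    ("PATCH", re.compile(r"^/(v1\.0|beta)/users/[^/]+$"),
     "user object updated (passwordProfile change possible; confirm in audit log)"),
    ("POST", re.compile(r"^/(v1\.0|beta)/users/[^/]+/authentication/temporaryAccessPassMethods$"),
     "Temporary Access Pass created"),
    ("POST", re.compile(r"^/(v1\.0|beta)/applications/[^/]+/addPassword$"),
     "application client secret added"),
]


def detect_device_code_signins(signins):
    """Flag successful sign-ins that used the device code flow."""
    return [
        {"rule": "device-code-signin", "user": r["UserPrincipalName"],
         "ip": r["IPAddress"], "app": r["AppDisplayName"]}
        for r in signins
        if r.get("AuthenticationProtocol") == "deviceCode" and r.get("ResultType") == "0"
    ]


def detect_sensitive_writes(activity):
    """Flag successful Graph calls that match the credential-changing operations above."""
    findings = []
    for r in activity:
        path = urlparse(r["RequestUri"]).path
        for method, pattern, label in SENSITIVE_WRITES:
            if (r["RequestMethod"] == method and pattern.match(path)
                    and 200 <= r["ResponseStatusCode"] < 300):
                findings.append({"rule": "sensitive-graph-write", "caller": r["UserId"],
                                 "method": method, "path": path, "what": label})
    return findings


def detect_forbidden_bursts(activity, threshold=10):
    """Flag callers that collected at least `threshold` 403 responses in the window."""
    counts = Counter(r["UserId"] for r in activity if r["ResponseStatusCode"] == 403)
    return [{"rule": "graph-403-burst", "caller": uid, "count": n}
            for uid, n in counts.items() if n >= threshold]


def run_all(signins, activity):
    """Run all three rules and return the combined findings."""
    return (detect_device_code_signins(signins)
            + detect_sensitive_writes(activity)
            + detect_forbidden_bursts(activity))


if __name__ == "__main__":
    for finding in run_all(SIGNIN_LOGS, GRAPH_ACTIVITY_LOGS):
        print(finding)
```

The `PATCH /users/{id}` rule is deliberately broad because the activity log does not carry the request body, so a display-name change and a passwordProfile change look the same there; correlate the hit with the Entra audit log before escalating. The other two endpoints are rarely touched outside onboarding or app lifecycle work and are worth alerting on directly.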

Install & Use