Skip to content

Commit 0156a02

Browse files
mlcsecmlcsec
committed
Update v1.0
1 parent 8af4870 commit 0156a02

7 files changed

Lines changed: 610 additions & 27 deletions

File tree

.github/locatedirectoryrole.png

53.8 KB
Loading

.github/locatepermissionid2.png

90.2 KB
Loading

Graphpython/__main__.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ def main():
7878
"list-sharedonedrivefiles", "invoke-customquery", "invoke-search", "find-privilegedroleusers", "find-updatablegroups", "find-dynamicgroups","find-securitygroups",
7979
"locate-objectid", "update-userpassword", "add-applicationpassword", "add-usertap", "add-groupmember", "create-application",
8080
"create-newuser", "invite-guestuser", "assign-privilegedrole", "open-owamailboxinbrowser", "dump-owamailbox", "spoof-owaemailmessage",
81-
"delete-user", "delete-group", "remove-groupmember", "delete-application", "delete-device", "wipe-device", "retire-device",
81+
"delete-user", "delete-group", "remove-groupmember", "delete-application", "delete-device", "wipe-device", "retire-device", "locate-directoryrole",
8282
"get-manageddevices", "get-userdevices", "get-caps", "get-devicecategories", "get-devicecompliancepolicies", "update-deviceconfig",
8383
"get-devicecompliancesummary", "get-deviceconfigurations", "get-deviceconfigurationpolicies", "get-deviceconfigurationpolicysettings",
8484
"get-deviceenrollmentconfigurations", "get-devicegrouppolicyconfigurations","update-userproperties", "dump-windowsapps", "dump-iosapps", "dump-androidapps",
@@ -205,7 +205,7 @@ def main():
205205
getattr(cleanup, args.command.replace("-", "_"))(args)
206206

207207
# Locator commands
208-
elif args.command in ["locate-objectid", "locate-permissionid"]:
208+
elif args.command in ["locate-objectid", "locate-permissionid", "locate-directoryrole"]:
209209
getattr(locators, args.command.replace("-", "_"))(args)
210210

211211
# ...

Graphpython/commands/directoryroles.txt

Lines changed: 526 additions & 0 deletions
Large diffs are not rendered by default.

Graphpython/commands/locators.py

Lines changed: 79 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import requests
22
import os
3+
import re
34
from bs4 import BeautifulSoup
45
from Graphpython.utils.helpers import print_yellow, print_green, print_red, get_user_agent, get_access_token
56

@@ -98,20 +99,19 @@ def locate_permissionid(args):
9899
if not args.id:
99100
print_red("[-] Error: --id argument is required for Locate-PermissionID command")
100101
return
101-
102102
print_yellow("[*] Locate-PermissionID")
103103
print("=" * 80)
104104

105105
def parse_html(content):
106106
soup = BeautifulSoup(content, 'html.parser')
107107
permissions = {}
108-
108+
109109
for h3 in soup.find_all('h3'):
110110
title = h3.text
111111
table = h3.find_next('table')
112112
headers = [th.text for th in table.find('thead').find_all('th')]
113113
rows = table.find('tbody').find_all('tr')
114-
114+
115115
permission_data = {}
116116
for row in rows:
117117
cells = row.find_all('td')
@@ -123,28 +123,28 @@ def parse_html(content):
123123
headers[2]: delegated
124124
}
125125
permissions[title] = permission_data
126-
126+
127127
return permissions
128128

129129
def highlight(text, should_highlight):
130130
if should_highlight:
131131
return f"\033[92m{text}\033[0m"
132132
return text
133-
134-
def print_permission(permission, data, app_ids, delegated_ids):
133+
134+
def print_permission(permission, data, identifiers):
135135
print_green(f"{permission}")
136136
for category, values in data.items():
137137
print(f" {category}:")
138-
app_highlight = data['Identifier']['Application'] in app_ids
139-
delegated_highlight = data['Identifier']['Delegated'] in delegated_ids
138+
app_highlight = data['Identifier']['Application'] in identifiers or permission in identifiers
139+
delegated_highlight = data['Identifier']['Delegated'] in identifiers or permission in identifiers
140140
print(f" Application: {highlight(values['Application'], app_highlight)}")
141141
print(f" Delegated: {highlight(values['Delegated'], delegated_highlight)}")
142142
print()
143143

144144
identifiers = args.id.split(',')
145145
script_dir = os.path.dirname(os.path.abspath(__file__))
146146
file_path = os.path.join(script_dir, 'graphpermissions.txt')
147-
147+
148148
try:
149149
with open(file_path, 'r') as file:
150150
content = file.read()
@@ -156,25 +156,80 @@ def print_permission(permission, data, app_ids, delegated_ids):
156156
print_red(f"[-] An error occurred: {e}")
157157
print("=" * 80)
158158
return
159-
159+
160160
permissions = parse_html(content)
161-
app_ids = []
162-
delegated_ids = []
163-
164-
for permission, data in permissions.items():
165-
if data['Identifier']['Application'] in identifiers:
166-
app_ids.append(data['Identifier']['Application'])
167-
if data['Identifier']['Delegated'] in identifiers:
168-
delegated_ids.append(data['Identifier']['Delegated'])
169-
170161
found_permissions = False
171-
162+
172163
for permission, data in permissions.items():
173-
if data['Identifier']['Application'] in app_ids or data['Identifier']['Delegated'] in delegated_ids:
174-
print_permission(permission, data, app_ids, delegated_ids)
164+
if (data['Identifier']['Application'] in identifiers or
165+
data['Identifier']['Delegated'] in identifiers or
166+
permission in identifiers):
167+
print_permission(permission, data, identifiers)
175168
found_permissions = True
176-
169+
177170
if not found_permissions:
178-
print_red("[-] Permission ID not found")
171+
print_red("[-] Permission ID or name not found")
172+
173+
print("=" * 80)
174+
175+
def locate_directoryrole(args):
176+
if not args.id:
177+
print_red("[-] Error: --id argument is required for Locate-DirectoryRole command")
178+
return
179+
print_yellow("[*] Locate-DirectoryRole")
180+
print("=" * 80)
181+
182+
def parse_html(content):
183+
soup = BeautifulSoup(content, 'html.parser')
184+
roles = []
185+
for row in soup.find_all('tr')[1:]: # skip header row
186+
cells = row.find_all('td')
187+
if len(cells) == 3:
188+
role_name = cells[0].text.strip()
189+
description = cells[1].text.strip()
190+
template_id = cells[2].text.strip()
191+
privileged = 'privileged-roles-permissions' in str(cells[1])
192+
roles.append({
193+
'name': role_name,
194+
'description': description,
195+
'template_id': template_id,
196+
'privileged': privileged
197+
})
198+
return roles
199+
200+
def print_role(role):
201+
print(f"Role: \033[92m{role['name']}\033[0m")
202+
print(f"Description: \033[92m{role['description']}\033[0m")
203+
print(f"Template ID: \033[92m{role['template_id']}\033[0m")
204+
print(f"Privileged: \033[92m{'Yes' if role['privileged'] else 'No'}\033[0m")
205+
print()
206+
207+
identifier = args.id.lower()
208+
209+
script_dir = os.path.dirname(os.path.abspath(__file__))
210+
file_path = os.path.join(script_dir, 'directoryroles.txt')
179211

212+
try:
213+
with open(file_path, 'r', encoding='utf-8') as file:
214+
content = file.read()
215+
except FileNotFoundError:
216+
print_red(f"[-] The file {file_path} does not exist.")
217+
print("=" * 80)
218+
return
219+
except Exception as e:
220+
print_red(f"[-] An error occurred while reading the file: {e}")
221+
print("=" * 80)
222+
return
223+
224+
roles = parse_html(content)
225+
found_role = False
226+
227+
for role in roles:
228+
if identifier in role['name'].lower() or identifier == role['template_id'].lower():
229+
print_role(role)
230+
found_role = True
231+
232+
if not found_role:
233+
print_red("[-] Directory role ID or name not found")
234+
180235
print("=" * 80)

Graphpython/utils/helpers.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -178,7 +178,8 @@ def list_commands():
178178

179179
locator_commands = [
180180
["Locate-ObjectID", "Locate object ID and display object properties"],
181-
["Locate-PermissionID", "Locate Graph permission details (application/delegated, description, admin consent required, ...) for ID"]
181+
["Locate-PermissionID", "Locate Graph permission details (application/delegated, description, admin consent required) for ID or permission name"],
182+
["Locate-DirectoryRole", "Locate Entra directory role information for template ID or role name"]
182183
]
183184

184185
print("Outsider")

setup.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,5 +38,6 @@
3838
include_package_data=True,
3939
package_data={
4040
'Graphpython': ['commands/graphpermissions.txt'],
41+
'Graphpython': ['commands/directoryroles.txt']
4142
},
4243
)

0 commit comments

Comments
 (0)