Home

Awesome

GraphRunner

GraphRunner

GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data from a Microsoft Entra ID (Azure AD) account.

It consists of three separate parts:


Main Features


Usage

As GraphRunner is a post-exploitation tool most of the modules rely on having authenticated access tokens. To assist with this there are multiple modules for obtaining and working with both user and application (service principal) tokens.

A good starting place is to import the PowerShell script and run the Get-GraphTokens module.

Import-Module .\GraphRunner.ps1
Get-GraphTokens

Next, check out the wiki for the full user guide and information about individual modules.