Modules: PowerDump

Description

powerdump is a tool for exploring information in Microsoft PowerPlatform from a Red Team perspective. In short, this is what it does:

• Generates access tokens for fetching available resources in Microsoft PowerApps.
• Uses HTTP calls in Python to dump all available information in the Microsoft PowerPlatform into a local directory.
• Generates access tokens for performing advanced actions on the discovered resources.
• Provides a basic GUI for presenting the collected resources and data.

Note: For its GUI, powerpwn uses browsepy Python library and is therefore only compatible with Python 3.6-3.8 (development is done with Python 3.8).

Using the PowerDump module

Via powerpwn cli

• Run powerpwn recon --tenant {tenantId} --cache-path {path} to collect resources from tenantId and store it in path. The default cache-path is .cache .
• For more options run powerpwn recon --help
• On first execution, a device flow will initiate for acquiring an access token to the designated tenant.
• Run powerpwn dump -tenant {tenantId} --cache-path {path} to dump all available data from the collected resources. The cache-path should be same of recon command
• Collection may take a while, depending on the tenant size. Once collection is done, you can find the collected resources and data under the path directory.
• Access tokens to powerapps and apihub are cached in tokens.json file.

Via powerpwn gui

• Run powerpwn gui --cache-path {path}, with the path used for the recon and dump commands. The default cache-path remains .cache .
• At http://127.0.0.1:5000/ you can find an application with all the collected resources.
• For connections, Playground will generate the connections swagger, that allow you to run these connections and perform actions on the platform. To authenticate, use the generated apihub access token generated in the previous step.
• At http://127.0.0.1:8080/ you can find a simple file browser with the dump of all resources and data.