Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.
Halberd lets you:
- Execute attack techniques faster than you can say "cloud misconfiguration"
- Generate telemetry that'll make your SOC team beam with joy
- Validate your defenses across Entra ID, M365, Azure, and AWS
- Do it all through a slick web interface that won't make your eyes bleed
- 🎭 Realistic attack simulations across multiple cloud platforms
- 🧠 Smart recon dashboards for gathering intel like a pro
- 🎬 Attack playbooks to channel your inner hacker
- 📊 Insightful reports to impress your boss (or your cat)
- 🖥️ CLI access for when you're feeling extra geeky
-
Clone that repo:
git clone https://github.com/vectra-ai-research/Halberd.git
-
Set up your playground:
cd Halberd python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate pip install -r requirements.txt
-
Install Azure CLI:
- Windows: Official Microsoft guide
- Linux:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
- macOS:
brew update && brew install azure-cli
-
Launch Halberd:
python3 Halberd.py
-
Point your browser to
http://127.0.0.1:8050/
and start testing
- Attack: Pick your poison – surface, tactic, technique – and start your testing!
- Access: Manage your tokens and sessions like a digital locksmith.
- Recon: Gather intel with visual dashboards. Try the "Entity Map" for a nice visualization!
- Automator: Chain attacks together like a mastermind.
- Trace: Review your handiwork and generate reports.
Checkout usage for more information on testing with Halberd.
Pro tip: Start with "Initial Access" under each attack surface. You can't hack what you can't reach!
Got ideas? Found a bug? Want to add that one cool feature? We're all ears! Check out our contribution guidelines and let's make Halberd even more awesome together.
Halberd is the brainchild of Arpan Sarkar, a cloud security enthusiast with a penchant for making life harder for attackers (and easier for defenders).
We didn't reinvent the wheel – we just made it roll smoother. Check out our inspirations and show some love to the amazing security tools that paved the way.
Now go forth and hack responsibly! 🚀