ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Top Related Projects
- Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise.
- MicroBurst: A collection of scripts for assessing Microsoft Azure security
Quick Overview
ROADtools is a framework for interacting with Azure AD. It consists of a library (roadlib) and a GUI (roadrecon) to explore and visualize Azure AD data. ROADtools is designed to help security professionals and administrators analyze and understand their Azure AD environment.
Pros
- Comprehensive Azure AD data collection and analysis
- User-friendly GUI for visualizing Azure AD relationships
- Supports both interactive exploration and automated scripting
- Regularly updated to keep pace with Azure AD changes
Cons
- Requires Azure AD permissions to collect data
- Learning curve for users unfamiliar with Azure AD concepts
- Limited documentation for advanced use cases
- Potential for misuse if not handled securely
Code Examples
- Authenticating with Azure AD:
from roadtools.roadlib.auth import Authentication
auth = Authentication()
auth.authenticate_device_code()
- Collecting Azure AD data:
from roadtools.roadlib.gather import GraphGatherer
gatherer = GraphGatherer(auth)
gatherer.gather()
- Querying collected data:
from roadtools.roadlib.metadef.database import Database
db = Database()
users = db.search_users(query='displayName:John')
Getting Started
- Install ROADtools:
pip install roadtools
- Authenticate and gather data:
from roadtools.roadlib.auth import Authentication
from roadtools.roadlib.gather import GraphGatherer
auth = Authentication()
auth.authenticate_device_code()
gatherer = GraphGatherer(auth)
gatherer.gather()
- Launch the GUI:
roadrecon gui
Competitor Comparisons
Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Pros of Azure-Sentinel
- Comprehensive security solution with SIEM and SOAR capabilities
- Extensive integration with Azure services and third-party tools
- Active development and support from Microsoft
Cons of Azure-Sentinel
- Steeper learning curve due to complexity
- Requires Azure subscription and can be costly for large-scale deployments
- Less focused on specific Azure AD/Office 365 security tasks
Code Comparison
ROADtools:
from roadtools.roadrecon.gather import gather
from roadtools.roadlib.auth import Authentication
auth = Authentication()
auth.get_tokens()
gather(auth)
Azure-Sentinel:
- name: Get-AzSentinelAlertRule
  id: Get-AzSentinelAlertRule
  type: powershell
  steps:
    - script: |
        Get-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspace"
ROADtools is a Python-based tool specifically designed for Azure AD reconnaissance, while Azure-Sentinel uses PowerShell and YAML for broader security management tasks. ROADtools offers a more targeted approach for Azure AD security assessment, whereas Azure-Sentinel provides a comprehensive security platform with wider capabilities but requires more setup and resources.
MicroBurst: A collection of scripts for assessing Microsoft Azure security
Pros of MicroBurst
- Broader focus on Azure services beyond just Azure AD
- Includes modules for Azure Key Vault and Storage Account enumeration
- Offers more comprehensive Azure reconnaissance capabilities
Cons of MicroBurst
- Less specialized for Azure AD-specific tasks
- May require more setup and configuration for specific use cases
- Not as actively maintained as ROADtools
Code Comparison
ROADtools:
from roadtools.roadrecon.gather import gather
from roadtools.roadlib.auth import Authentication
auth = Authentication()
auth.authenticate_device_code()
gather(auth)
MicroBurst:
Import-Module .\MicroBurst.psm1
Get-AzDomainInfo -Verbose
Get-AzKeyVaultContent -Verbose
Get-AzStorageContent -Verbose
Summary
ROADtools focuses specifically on Azure AD reconnaissance and provides a more streamlined experience for that purpose. MicroBurst offers a wider range of Azure-related tools but may require more setup and familiarity with PowerShell. ROADtools is more actively maintained and specialized for Azure AD tasks, while MicroBurst provides broader Azure reconnaissance capabilities.
README
ROADtools
(Rogue Office 365 and Azure (active) Directory tools)
ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components, the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.
ROADlib
ROADlib is a library that can be used to authenticate with Azure AD or to build tools that integrate with a database containing ROADrecon data. The database model in ROADlib is automatically generated based on the metadata definition of the Azure AD internal API. ROADlib lives in the ROADtools namespace, so to import it in your scripts use from roadtools.roadlib import X
ROADrecon
ROADrecon is a tool for exploring information in Azure AD from both a Red Team and Blue Team perspective. In short, this is what it does:
- Uses an automatically generated metadata model to create an SQLAlchemy backed database on disk.
- Uses asynchronous HTTP calls in Python to dump all available information in the Azure AD graph to this database.
- Provides plugins to query this database and output it to a useful format.
- Provides an extensive interface built in Angular that queries the offline database directly for its analysis.
ROADrecon uses async Python features and is only compatible with Python 3.7 and newer (development is done with Python 3.8, tests are run with versions up to Python 3.11).
Installation
There are multiple ways to install ROADrecon:
Using a published version on PyPI
Stable versions can be installed with pip install roadrecon. This will automatically add the roadrecon command to your PATH.
Using a version from GitHub
Every commit to master is automatically built into a release version with Azure Pipelines. This ensures that you can install the latest version of the GUI without having to install npm and all its dependencies. You can download the roadlib and roadrecon build files from the Azure Pipelines artifacts (click on the button "1 Published"). The build output files are stored in ROADtools.zip. You can either install the .whl or .tar.gz files directly using pip or unzip both and install the folders in the correct order (roadlib first):
pip install roadlib/
pip install roadrecon/
You can also install them in development mode with pip install -e roadlib/.
Developing the front-end
If you want to make changes to the Angular front-end, you will need to have node and npm installed. Then install the components from git:
git clone https://github.com/dirkjanm/roadtools.git
pip install -e roadlib/
pip install -e roadrecon/
cd roadrecon/frontend/
npm install
You can run the Angular frontend with npm start or ng serve using the Angular CLI from the roadrecon/frontend/ directory. To build the JavaScript files into ROADrecon's dist_gui directory, run npm build.
Using ROADrecon
See this Wiki page on how to get started.
ROADtools Token eXchange (roadtx)
roadtx is a tool for exchanging and using different types of Azure AD issued tokens. It supports many different authentication flows, device registration and PRT related operations. For an overview of the tool, see the roadtx Wiki.
Installation
There are multiple ways to install roadtx. Note that roadtx requires Python 3.7 or newer.
Using a published version on PyPI
Stable versions can be installed with pip install roadtx. This will automatically add the roadtx command to your PATH.
Using a version from GitHub
You can clone this repository and install roadlib and then roadtx to make sure you have the latest versions of both the tool and the library:
pip install roadlib/
pip install roadtx/
You can also install them in development mode with pip install -e roadtx/.
Using roadtx
See the Wiki on how to use roadtx.