/power-pwn

An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

Primary language: Python. License: MIT.



Overview

powerpwn Black Hat SecTor 23 Black Hat DEFCON30


Power Pwn is an offensive security toolset for Microsoft 365. Check out our Wiki for docs, guides and related talks!

A review of the tool's basic modules is available here:

BlackHat Arsenal USA 2023 - Power Pwn

Installation

  1. Install with pip install powerpwn.
  2. Please review the following modules' Wiki pages for additional installation dependencies:

Quick Guide for Developers

Clone the repository and set up a virtual environment in your IDE. Install the Python packages by running:

python init_repo.py

To activate the virtual environment (.venv) run:

.\.venv\Scripts\activate (Windows)

source ./.venv/bin/activate (Linux)

Run:

pip install .

Notes:

  1. To handle the GUI properly, please use Python 3.8 for the above virtual environment, if it is not already the default.

  2. If the project directory isn't set up correctly you can use this command (or one similar to it) to set it up manually:

    • export PYTHONPATH=/[your_powerpwn_directory]/src:$PYTHONPATH (Linux)
    • $env:PYTHONPATH = "C:\[your_powerpwn_directory]\src;" + $env:PYTHONPATH (Windows PowerShell)
  3. To handle the PowerDump module's GUI properly, run the pip install above with Python 3.8 if it is not already the default. Alternatively, you can install the above within a Python 3.8 virtual environment.

  4. When pushing a PR, you can run black -C -l 150 {path to file} to fix any formatting issues related to black.

Usage

  1. For quickly getting started with scanning your tenant, please check the powerdump module here.
  2. Please check out the relevant Wiki page for each module for further information.