wrap cmdlets with trycommand(); adjust imports
mitchelbaker-cisa committed Dec 9, 2024
1 parent cd679e0 commit b208a3a
Showing 4 changed files with 19 additions and 8 deletions.
Expand Up @@ -40,6 +40,7 @@
"01d4889c-1287-42c6-ac1f-5d1e02578ef6": "Files.Read.All",
"75359482-378d-4052-8f01-80520e7db3cd": "Files.ReadWrite.All",
"9492366f-7969-46a4-8d15-ed1a20078fff": "Sites.ReadWrite.All",
"332a536c-c7ef-4017-ab91-336970924f0d": "Sites.Read.All",
"a82116e5-55eb-4c41-a434-62fe8a61c773": "Sites.FullControl.All",
"01c0a623-fc9b-48e9-b794-0756f8e8f067": "Policy.ReadWrite.ConditionalAccess",
"246dd0d5-5bd0-4def-940b-0421030a5b68": "Policy.Read.All"
Expand All @@ -49,22 +50,26 @@
"4807a72c-ad38-4250-94c9-4eabfe26cd55": "ActivityFeed.ReadDlp"
},
"Office 365 Exchange Online": {
"dc50a0fb-09a3-484d-be87-e023b12c6440": "Exchange.ManageAsApp",
"dc890d15-9560-4a4c-9b7f-a736ec74ec40": "full_access_as_app",
"798ee544-9d2d-430c-a058-570e29e34338": "Calendars.Read",
"2dfdc6dc-2fa7-4a2c-a922-dbd4f85d17be": "Calendars.Read.All",
"ef54d2bf-783f-4e0f-bca1-3210c0444d99": "Calendars.ReadWrite.All",
"089fe4d0-434a-44c5-8827-41ba8a0b17f5": "Contacts.Read",
"6918b873-d17a-4dc1-b314-35f528134491": "Contacts.ReadWrite",
"e2a3a72e-5f79-4c64-b1b1-878b674786c9": "Mail.ReadWrite",
"810c84a8-4a9e-49e6-bf7d-12d183f40d01": "Mail.Read",
"b633e1c5-b582-4048-a93e-9f11b44c7e96": "Mail.Send",
"d45fa9f8-36e5-4cd2-b601-b063c7cf9ac2": "MailboxSettings.Read",
"f9156939-25cd-4ba8-abfe-7fabcf003749": "MailboxSettings.ReadWrite",
"bf24470f-10c1-436d-8d53-7b997eb473be": "User.Read.All",
"77e65b5a-ceae-48b3-9490-50a86a038a48": "User.ReadBasic.All"
},
"Office 365 SharePoint Online": {
"678536fe-1083-478a-9c59-b99265e6b0d3": "Sites.FullControl.All"
"fbcd29d2-fcca-4405-aded-518d457caae4": "Sites.ReadWrite.All",
"d13f72ca-a275-4b96-b789-48ebcc4da984": "Sites.Read.All",
"678536fe-1083-478a-9c59-b99265e6b0d3": "Sites.FullControl.All",
"741f803b-c850-494e-b5df-cde7c675a1ca": "User.ReadWrite.All",
"df021288-bdef-4463-88db-98f22de89214": "User.Read.All"
}
}
}
9 changes: 7 additions & 2 deletions PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
Expand Up @@ -180,14 +180,19 @@ function Export-AADProvider {
$DomainSettings = ConvertTo-Json @($Tracker.TryCommand("Get-MgBetaDomain"))

##### This block gathers information on application/service principal API permissions
$HelperFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "ProviderHelpers"
Import-Module (Join-Path -Path $HelperFolderPath -ChildPath "AADRiskyPermissionsHelper.psm1")
#$HelperFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "ProviderHelpers"
#Import-Module (Join-Path -Path $HelperFolderPath -ChildPath "AADRiskyPermissionsHelper.psm1")
Import-Module $PSScriptRoot/ProviderHelpers/AADRiskyPermissionsHelper.psm1

$RiskyApps = $Tracker.TryCommand("Get-ApplicationsWithRiskyPermissions")
$RiskySPs = $Tracker.TryCommand("Get-ServicePrincipalsWithRiskyPermissions")
#$RiskyApps = Get-ApplicationsWithRiskyPermissions
#$RiskySPs = Get-ServicePrincipalsWithRiskyPermissions

$FirstPartyApps = ConvertTo-Json -Depth 3 $Tracker.TryCommand("Get-FirstPartyRiskyApplications", @{"RiskyApps"=$RiskyApps; "RiskySPs"=$RiskySPs})
$ThirdPartySPs = ConvertTo-Json -Depth 3 $Tracker.TryCommand("Get-ThirdPartyRiskyServicePrincipals", @{"RiskyApps"=$RiskyApps; "RiskySPs"=$RiskySPs})
#$FirstPartyApps = Get-FirstPartyRiskyApplications -RiskyApps $RiskyApps -RiskySPs $RiskySPs | ConvertTo-Json -Depth 3
#$ThirdPartySPs = Get-ThirdPartyRiskyServicePrincipals -RiskyApps $RiskyApps -RiskySPs $RiskySPs | ConvertTo-Json -Depth 3

$FirstPartyApps > firstpartyapps.json
$ThirdPartySPs > thirdpartysps.json
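Review bot: The two redirects at the end of this hunk, `$FirstPartyApps > firstpartyapps.json` and `$ThirdPartySPs > thirdpartysps.json`, write the tenant's risky application and service principal inventory to relative paths, so the files land in whatever directory the caller happens to be in and stay there after the run. They look like debugging output (the rendered page does not show whether this commit added them); that data identifies which apps hold high-privilege permissions and should leave the function only through the provider's normal JSON output, so I would delete both lines before merge. The commented-out `Join-Path` import and direct cmdlet calls left beside the new `TryCommand` lines should be removed as well rather than kept as dead code. Export-AADProvider starts and ends outside the hunk.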
@@ -1,5 +1,6 @@
Import-Module -Name $PSScriptRoot/../ExportEXOProvider.psm1 -Function Get-ScubaSpfRecord, Get-ScubaDkimRecord, Get-ScubaDmarcRecord
Import-Module -Name $PSScriptRoot/../ExportAADProvider.psm1 -Function Get-PrivilegedRole, Get-PrivilegedUser
Import-Module -Name $PSScriptRoot/AADRiskyPermissionsHelper.psm1 -Function Get-ApplicationsWithRiskyPermissions, Get-ServicePrincipalsWithRiskyPermissions, Get-FirstPartyRiskyApplications, Get-ThirdPartyRiskyServicePrincipals

class CommandTracker {
[string[]]$SuccessfulCommands = @()
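Review bot: `AADRiskyPermissionsHelper.psm1` is now imported in two places, here with an explicit `-Function` list and in `Export-AADProvider` with a bare `Import-Module $PSScriptRoot/ProviderHelpers/AADRiskyPermissionsHelper.psm1`. If `TryCommand` resolves command names inside this module, as the two existing imports above it suggest, the import in `ExportAADProvider.psm1` is probably redundant and should be dropped so there is a single list to maintain. A short comment above these three lines, such as `# Commands invoked by name through TryCommand must be imported into this module's scope`, would explain why the list exists. The CommandTracker class continues outside the hunk.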
Expand Up @@ -71,19 +71,19 @@ InModuleScope -ModuleName ExportAADProvider {
$this.SuccessfulCommands += $Command
return [pscustomobject]@{}
}
"Get-ApplicationsWithRiskyPermissions."{
"Get-ApplicationsWithRiskyPermissions"{
$this.SuccessfulCommands += $Command
return [pscustomobject]@{}
}
"Get-FirstPartyRiskyApplications..."{
"Get-ServicePrincipalsWithRiskyPermissions"{
$this.SuccessfulCommands += $Command
return [pscustomobject]@{}
}
"Get-ServicePrincipalsWithRiskyPermissions.."{
"Get-FirstPartyRiskyApplications"{
$this.SuccessfulCommands += $Command
return [pscustomobject]@{}
}
"Get-ThirdPartyRiskyServicePrincipals..."{
"Get-ThirdPartyRiskyServicePrincipals"{
$this.SuccessfulCommands += $Command
return [pscustomobject]@{}
}
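Review bot: The old labels with trailing dots could never equal a command name, yet nothing on the page indicates the suite failed because of it, so the mocked `TryCommand` switch may be letting unrecognized commands through silently. The switch starts and ends outside this hunk, so its fallback arm is not visible; if there is none that fails, add `default { throw "Unexpected command: $Command" }` so a mistyped label is caught by the test run. The four corrected arms also all return `[pscustomobject]@{}`, which only covers the empty-result path for the risky-permission cmdlets.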