diff --git a/PowerShell/ScubaGear/Modules/Permissions/RiskyPermissions.json b/PowerShell/ScubaGear/Modules/Permissions/RiskyPermissions.json
index e25f4297e5..9201ef6c42 100644
--- a/PowerShell/ScubaGear/Modules/Permissions/RiskyPermissions.json
+++ b/PowerShell/ScubaGear/Modules/Permissions/RiskyPermissions.json
@@ -40,6 +40,7 @@
 "01d4889c-1287-42c6-ac1f-5d1e02578ef6": "Files.Read.All",
 "75359482-378d-4052-8f01-80520e7db3cd": "Files.ReadWrite.All",
 "9492366f-7969-46a4-8d15-ed1a20078fff": "Sites.ReadWrite.All",
+ "332a536c-c7ef-4017-ab91-336970924f0d": "Sites.Read.All",
 "a82116e5-55eb-4c41-a434-62fe8a61c773": "Sites.FullControl.All",
 "01c0a623-fc9b-48e9-b794-0756f8e8f067": "Policy.ReadWrite.ConditionalAccess",
 "246dd0d5-5bd0-4def-940b-0421030a5b68": "Policy.Read.All"
@@ -49,7 +50,6 @@
 "4807a72c-ad38-4250-94c9-4eabfe26cd55": "ActivityFeed.ReadDlp"
 },
 "Office 365 Exchange Online": {
- "dc50a0fb-09a3-484d-be87-e023b12c6440": "Exchange.ManageAsApp",
 "dc890d15-9560-4a4c-9b7f-a736ec74ec40": "full_access_as_app",
 "798ee544-9d2d-430c-a058-570e29e34338": "Calendars.Read",
 "2dfdc6dc-2fa7-4a2c-a922-dbd4f85d17be": "Calendars.Read.All",
@@ -57,6 +57,7 @@
 "089fe4d0-434a-44c5-8827-41ba8a0b17f5": "Contacts.Read",
 "6918b873-d17a-4dc1-b314-35f528134491": "Contacts.ReadWrite",
 "e2a3a72e-5f79-4c64-b1b1-878b674786c9": "Mail.ReadWrite",
+ "810c84a8-4a9e-49e6-bf7d-12d183f40d01": "Mail.Read",
 "b633e1c5-b582-4048-a93e-9f11b44c7e96": "Mail.Send",
 "d45fa9f8-36e5-4cd2-b601-b063c7cf9ac2": "MailboxSettings.Read",
 "f9156939-25cd-4ba8-abfe-7fabcf003749": "MailboxSettings.ReadWrite",
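Review bot: Dropping `"dc50a0fb-09a3-484d-be87-e023b12c6440": "Exchange.ManageAsApp"` from the "Office 365 Exchange Online" entry in the `@@ -49,7 +50,6 @@` hunk narrows what the risky-permission report flags, and nothing in the diff records why. As far as I know Exchange.ManageAsApp is the app-only permission that lets a service principal drive Exchange Online management, with its effective reach set by the Entra roles granted to the app, so an unexplained removal reads as a coverage regression rather than a calibration. If the intent is that this permission is now reported through another path or is deliberately out of scope, please state that in the commit message; since the JSON cannot carry comments, a one-line rationale in the module's documentation next to the other risky-permission notes would also help reviewers later. The additions in the `@@ -40` and `@@ -57` hunks (Sites.Read.All, Mail.Read) follow the existing id-to-name shape and need no change.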
@@ -64,7 +65,11 @@
 "77e65b5a-ceae-48b3-9490-50a86a038a48": "User.ReadBasic.All"
 },
 "Office 365 SharePoint Online": {
- "678536fe-1083-478a-9c59-b99265e6b0d3": "Sites.FullControl.All"
+ "fbcd29d2-fcca-4405-aded-518d457caae4": "Sites.ReadWrite.All",
+ "d13f72ca-a275-4b96-b789-48ebcc4da984": "Sites.Read.All",
+ "678536fe-1083-478a-9c59-b99265e6b0d3": "Sites.FullControl.All",
+ "741f803b-c850-494e-b5df-cde7c675a1ca": "User.ReadWrite.All",
+ "df021288-bdef-4463-88db-98f22de89214": "User.Read.All"
 }
 }
 }
\ No newline at end of file
diff --git a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1 b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
index 758178c57f..c9a225d691 100644
--- a/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
+++ b/PowerShell/ScubaGear/Modules/Providers/ExportAADProvider.psm1
@@ -180,14 +180,19 @@ function Export-AADProvider { $DomainSettings = ConvertTo-Json @($Tracker.TryCommand("Get-MgBetaDomain")) ##### This block gathers information on application/service principal API permissions - $HelperFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "ProviderHelpers" - Import-Module (Join-Path -Path $HelperFolderPath -ChildPath "AADRiskyPermissionsHelper.psm1") + #$HelperFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "ProviderHelpers" + #Import-Module (Join-Path -Path $HelperFolderPath -ChildPath "AADRiskyPermissionsHelper.psm1") + Import-Module $PSScriptRoot/ProviderHelpers/AADRiskyPermissionsHelper.psm1 $RiskyApps = $Tracker.TryCommand("Get-ApplicationsWithRiskyPermissions") $RiskySPs = $Tracker.TryCommand("Get-ServicePrincipalsWithRiskyPermissions") + #$RiskyApps = Get-ApplicationsWithRiskyPermissions + #$RiskySPs = Get-ServicePrincipalsWithRiskyPermissions $FirstPartyApps = ConvertTo-Json -Depth 3 $Tracker.TryCommand("Get-FirstPartyRiskyApplications", @{"RiskyApps"=$RiskyApps; "RiskySPs"=$RiskySPs}) $ThirdPartySPs = ConvertTo-Json -Depth 3 $Tracker.TryCommand("Get-ThirdPartyRiskyServicePrincipals", @{"RiskyApps"=$RiskyApps; "RiskySPs"=$RiskySPs}) + #$FirstPartyApps = Get-FirstPartyRiskyApplications -RiskyApps $RiskyApps -RiskySPs $RiskySPs | ConvertTo-Json -Depth 3 + #$ThirdPartySPs = Get-ThirdPartyRiskyServicePrincipals -RiskyApps $RiskyApps -RiskySPs $RiskySPs | ConvertTo-Json -Depth 3 $FirstPartyApps > firstpartyapps.json $ThirdPartySPs > thirdpartysps.json diff --git a/PowerShell/ScubaGear/Modules/Providers/ProviderHelpers/CommandTracker.psm1 b/PowerShell/ScubaGear/Modules/Providers/ProviderHelpers/CommandTracker.psm1 index a365903beb..67c7548d4c 100644 --- a/PowerShell/ScubaGear/Modules/Providers/ProviderHelpers/CommandTracker.psm1 +++ b/PowerShell/ScubaGear/Modules/Providers/ProviderHelpers/CommandTracker.psm1 
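Review bot: The hunk leaves six commented-out alternatives in the live code path (`#$HelperFolderPath = ...`, `#Import-Module (...)`, `#$RiskyApps = ...`, `#$RiskySPs = ...`, `#$FirstPartyApps = ...`, `#$ThirdPartySPs = ...`); they should be deleted rather than kept as a second way to reach the helpers, since git history already preserves both the Join-Path form and the direct-call form. The kept `Import-Module $PSScriptRoot/ProviderHelpers/AADRiskyPermissionsHelper.psm1` is fine on its own, but CommandTracker.psm1 now imports the same module itself in the next file of this diff, so it is worth confirming that both imports are needed rather than one. The context lines `$FirstPartyApps > firstpartyapps.json` and `$ThirdPartySPs > thirdpartysps.json` write the tenant's application-permission inventory into whatever the caller's current directory is, with no path or overwrite control; if they are debugging leftovers rather than intended output, this commit is the natural place to remove them, and if they are intended they should at least go under the provider's output folder. Export-AADProvider's body starts and ends outside the hunk.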
@@ -1,5 +1,6 @@ Import-Module -Name $PSScriptRoot/../ExportEXOProvider.psm1 -Function Get-ScubaSpfRecord, Get-ScubaDkimRecord, Get-ScubaDmarcRecord Import-Module -Name $PSScriptRoot/../ExportAADProvider.psm1 -Function Get-PrivilegedRole, Get-PrivilegedUser +Import-Module -Name $PSScriptRoot/AADRiskyPermissionsHelper.psm1 -Function Get-ApplicationsWithRiskyPermissions, Get-ServicePrincipalsWithRiskyPermissions, Get-FirstPartyRiskyApplications, Get-ThirdPartyRiskyServicePrincipals class CommandTracker { [string[]]$SuccessfulCommands = @() diff --git a/PowerShell/ScubaGear/Testing/Unit/PowerShell/Providers/AADProvider/Export-AADProvider.Tests.ps1 b/PowerShell/ScubaGear/Testing/Unit/PowerShell/Providers/AADProvider/Export-AADProvider.Tests.ps1 index be352070bd..0af2a515cd 100644 --- a/PowerShell/ScubaGear/Testing/Unit/PowerShell/Providers/AADProvider/Export-AADProvider.Tests.ps1 +++ b/PowerShell/ScubaGear/Testing/Unit/PowerShell/Providers/AADProvider/Export-AADProvider.Tests.ps1 @@ -71,19 +71,19 @@ InModuleScope -ModuleName ExportAADProvider { $this.SuccessfulCommands += $Command return [pscustomobject]@{} } - "Get-ApplicationsWithRiskyPermissions."{ + "Get-ApplicationsWithRiskyPermissions"{ $this.SuccessfulCommands += $Command return [pscustomobject]@{} } - "Get-FirstPartyRiskyApplications..."{ + "Get-ServicePrincipalsWithRiskyPermissions"{ $this.SuccessfulCommands += $Command return [pscustomobject]@{} } - "Get-ServicePrincipalsWithRiskyPermissions.."{ + "Get-FirstPartyRiskyApplications"{ $this.SuccessfulCommands += $Command return [pscustomobject]@{} } - "Get-ThirdPartyRiskyServicePrincipals..."{ + "Get-ThirdPartyRiskyServicePrincipals"{ $this.SuccessfulCommands += $Command return [pscustomobject]@{} }
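Review bot: The new `Import-Module -Name $PSScriptRoot/AADRiskyPermissionsHelper.psm1 -Function Get-ApplicationsWithRiskyPermissions, Get-ServicePrincipalsWithRiskyPermissions, Get-FirstPartyRiskyApplications, Get-ThirdPartyRiskyServicePrincipals` line spells out the four helper names a second time — the same four are now also hard-coded as mock cases in Export-AADProvider.Tests.ps1 (the second hunk on this line) — so adding or renaming a helper needs coordinated edits in both places, and a miss would presumably only surface when `TryCommand` cannot resolve the name at run time. A short comment above the import, `# Keep this -Function list in sync with the TryCommand mock in Testing/Unit/PowerShell/Providers/AADProvider/Export-AADProvider.Tests.ps1`, would make the coupling visible to the next person who touches either file. In the test hunk, the four case blocks share an identical body; if the enclosing switch (whose header is outside the hunk) allows it, a single script-block condition matching all four names would remove the duplication. CommandTracker's class body continues outside the hunk.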