PowerZure - PowerShell script to interact with Azure


PowerZure is a PowerShell script written to assist in assessing Azure security. Functions are broken out into their context as well as the role needed to run them.


Function Description Role
PowerZure -h Diplays the help menu Any


Function Description Role
Set-Subscription Sets the default Subscription to operate in Reader


Function Description Role
Create-Backdoor Creates a Runbook that creates an Azure account and generates a Webhook to that Runbook Administrator
Execute-Backdoor Executes the backdoor that is created with "Create-Backdoor". Needs the URI generated from Create-Backdoor Administrator
Execute-Command Executes a command on a specified VM Contributor
Execute-MSBuild Executes MSBuild payload on a specified VM. By default, Azure VMs have .NET 4.0 installed. Will run as SYSTEM. Contributor
Execute-Program Executes a supplied program. Contributor
Upload-StorageContent Uploads a supplied file to a storage share. Contributor
Stop-VM Stops a VM Contributor
Start-VM Starts a VM Contributor
Restart-VM Restarts a VM Contributor
Start-Runbook Starts a specific Runbook Contributor
Set-Role Sets a role for a specific user on a specific resource or subscription Owner
Remove-Role Removes a user from a role on a specific resource or subscription Owner
Set-Group Adds a user to a group Administrator

Information Gathering

Function Description Role
Get-CurrentUser Returns the current logged in user name, their role + groups, and any owned objects Reader
Get-AllUsers Lists all users in the subscription Reader
Get-User Gathers info on a specific user Reader
Get-AllGroups Lists all groups + info within Azure AD Reader
Get-Resources Lists all resources in the subscription Reader
Get-Apps Lists all applications in the subscription Reader
Get-GroupMembers Gets all the members of a specific group. Group does NOT mean role. Reader
Get-AllGroupMembers Gathers all the group members of all the groups. Reader
Get-AllRoleMembers Gets all the members of all roles. Roles does not mean groups. Reader
Get-Roles Lists the roles in the subscription Reader
Get-RoleMembers Gets the members of a role Reader
Get-Sps Returns all service principals Reader
Get-Sp Returns all info on a specified service principal Reader
Get-Apps Gets all applications and their Ids Reader
Get-AppPermissions Returns the permissions of an app Reader
Get-WebApps Gets running web apps Reader
Get-WebAppDetails Gets running webapps details Reader

Secret Gathering

Function Description Role
Get-KeyVaults Lists the Key Vaults Reader
Get-KeyVaultContents Get the secrets from a specific Key Vault Contributor
Get-AllKeyVaultContents Gets ALL the secrets from all Key Vaults. Contributor
Get-AppSecrets Returns the application passwords or certificate credentials Contributor
Get-AllAppSecrets Returns all application passwords or certificate credentials (If accessible) Contributor
Get-AllSecrets Gets ALL the secrets from all Key Vaults and applications. Contributor
Get-AutomationCredentials Gets the credentials from any Automation Accounts Contributor

Data Exfiltration

Function Description Role
Get-StorageAccounts Gets all storage accounts Reader
Get-StorageAccountKeys Gets the account keys for a storage account Contributor
Get-StorageContents Gets the contents of a storage container or file share Reader
Get-Runbooks Lists all the Runbooks Reader
Get-RunbookContent Reads content of a specific Runbook Reader
Get-AvailableVMDisks Lists the VM disks available. Reader
Get-VMDisk Generates a link to download a Virtual Machiche's disk. The link is only available for an hour. Contributor
Get-VMs Lists available VMs Reader

More at: https://github.com/hausec/PowerZure

February 18, 2020
Notify of
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.