Support for graph.microsoft.com #35

Open
mgeeky opened this issue Jan 19, 2022 · 4 comments

@mgeeky

mgeeky commented Jan 19, 2022

Yet another question (or maybe issue while running roadrecon) - sorry for being a bother! :)

Are there any plans for adding support for https://graph.microsoft.com based enumeration?

My use case is that I came into possession of an access token scoped precisely for that client with the User.Read User.ReadBasic.All scope and found that ROADtools are not able to help me pull data using this token.
Ultimately I guess I need to poke around manually?

(Invoke-RestMethod -Uri "https://graph.microsoft.com" -Headers @{'Authorization'="Bearer $token"} -Method 'GET').value

Regards,
Mariusz.

@dirkjanm
Owner

I may at some point, but the Microsoft Graph has a completely different API schema, so the entire setup of the database/collection/api/frontend would have to change as well.
Note that the token you have only allows reading info of the current user, so you couldn't really enumerate anything beyond the current user.
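
A way to check which API and which permissions an access token was actually issued for, the point the exchange above turns on. This is an added example, not part of the thread or of ROADtools: `describe_token` and `make_sample_token` are hypothetical names, the sample token is constructed and unsigned, and the audience table covers only the Microsoft Graph and Azure AD Graph identifiers.

```python
import base64
import json
import time

# Well-known audiences (resource URI and first-party app id) of the two directory APIs.
AUDIENCES = {
    "https://graph.microsoft.com": "Microsoft Graph",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "https://graph.windows.net": "Azure AD Graph",
    "00000002-0000-0000-c000-000000000000": "Azure AD Graph",
}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe_token(jwt, now=None):
    """Return API, scopes, app roles and expiry state read from a JWT's claims.

    The signature is NOT verified: this is triage of a token already in hand,
    never a basis for an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    aud = str(claims.get("aud", "")).rstrip("/")
    now = time.time() if now is None else now
    return {
        "api": AUDIENCES.get(aud, "unknown audience: " + aud),
        "scopes": sorted(claims.get("scp", "").split()),  # delegated permissions
        "roles": sorted(claims.get("roles", [])),         # application permissions
        "expired": claims.get("exp", 0) <= now,
    }


def make_sample_token(claims):
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "c2ln"])


SAMPLE = make_sample_token({"aud": "https://graph.microsoft.com",
                            "scp": "User.Read User.ReadBasic.All", "exp": 2000000000})

if __name__ == "__main__":
    print(describe_token(SAMPLE, now=1642550400))
```

The same claims are what a responder reads first when assessing what a leaked token can reach: `aud` names the API that will accept it, and `scp` or `roles` bound what it may do there.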

@mgeeky
Author

mgeeky commented Jan 20, 2022

Yes, I'm aware of my permission limitations. It would be cool if that was added.

Using the occasion, can I somehow make roadrecon add new records to the existing database, rather than wiping it and starting from scratch during gather? I would like to collect recon data using multiple access tokens collected from various principals and have all results collected to the same database.

Is this even possible?

@dirkjanm
Owner

Not without editing the code. You could comment out various tasks in gather.py and modify it to not wipe the database. Duplicate data will cause errors in that case though.

@FuzzySecurity
3 participants