StormSpotter

StormSpotter (https://github.com/Azure/Stormspotter) is a tool from Microsoft for creating attack graphs of Azure resources. It uses the Neo4j graph database to create graphs for relationships in Azure and Entra ID! It has the following modules:

– Backend – This is used for ingesting the data into the Neo4j database.
– Frontend (WebApp) – This is the UI used for visualizing the data.
– Collector – This is used to collect the data from Azure.

Start the backend service

cd C:\AzAD\Tools\stormspotter\backend\
pipenv shell
python ssbackend.pyz

In a new process, start the frontend web server

cd C:\AzAD\Tools\stormspotter\frontend\dist\spa\
quasar.cmd serve -p 9091 --history

Use Stormcollector to collect the data.

cd C:\AzAD\Tools\stormspotter\stormcollector\
pipenv shell
az login -u test@defcorphq.onmicrosoft.com -p SuperVeryEasytoGuessPassword@1234
python C:\AzAD\Tools\stormspotter\stormcollector\sscollector.pyz cli

Log on to the web server at http://localhost:9091 using the following:

– Username: neo4j
– Password: BloodHound
– Server: bolt://localhost:7687

After logging in, upload the ZIP archive created by the collector. Use the built-in queries to visualize the data.
