roadtools-vpn
roadtools-vpn is a versatile Azure AD reconnaissance tool designed for use within automated security workflows. It enables users to perform critical operations such as authentication, data gathering, and timeline analysis efficiently in cloud security contexts.
Ideal Use Cases & Fit
This tool excels in scenarios where users need to conduct Azure AD reconnaissance and gather authentication data. It is particularly useful when integrating with workflows that require token management and database operations for plugins. This tool is not suitable for environments that do not leverage Azure AD or when non-Azure resources are the target.
Value in Workflows
Integrating roadtools-vpn into security workflows enhances early reconnaissance stages and supports post-processing tasks. By automating Azure AD operations, this tool streamlines the process of gathering insights and data analysis, allowing security teams to focus on refining their security posture without manual intervention.
Input Data
This tool expects the following input data:
- Format: Token file or database directory
- Function: Serves as the target for the gather operation or database for plugins
- Required Fields:
- Example: tokens.json for gathering or roadrecon.db for plugins
Configuration
- operation: Defines the operation to perform, such as auth, gather, xlsexport, or road2timeline.
- username: Specifies the username for authentication.
- password: Indicates the password for the authentication process.
- tenant: Sets the Tenant ID for authentication; defaults to the account's tenant if left blank.
- client: Identifies the Client ID used for authentication, which must have user_impersonation permissions.
- resource: Sets the resource for authenticating, with the default being https://graph.windows.net.
- scope: Specifies the scope to request during authentication, overriding the resource if included.
- as-app: Enables authentication as an app, requiring both password and client ID.
- access-token: Accepts an access token (JWT).
- refresh-token: Utilizes a refresh token for authentication.
- origin: States the origin of a browser refresh token when combined with a client ID.
- saml-token: Takes a SAML token from a Federation Server.
- kdf-v1: Utilizes the older KDF version for PRT authentication.
- user-agent: Sets a user agent or alias for token requests, defaulting to python-requests/version.