XMGoat: Open-source pentesting tool for Azure

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment.

Misconfigurations within Azure environments are common. It’s important to learn and understand how attackers can exploit those misconfigurations and, more importantly, what causes them behind the scene.

“Currently, there aren’t a lot of information or tools available to help the cyber community better understand the attack surfaces within Azure. We were able to identify some gaps when it comes to attacking the Azure environment, so we wanted to help the community close these gaps. This mission resulted in XMGoat, an open source tool that familiarizes users with potential misconfigurations within the Azure environment and teaches them how attackers might exploit the misconfigurations, as well as how to defend against them,” Zur Ulianitzky, Head of XM Cyber Research, told Help Net Security.

How XMGoat works

XMGoat is composed of templates, and each template is a vulnerable environment with significant misconfigurations. Your job is to attack and compromise the environments.

Scenario example: Compromise sensitive storage account container

What to do for each environment

• Run installation and then get started.
• With the initial user and service principal credentials, attack the environment based on the scenario flow.
• If you need help with your attack, refer to the solution.
• When you’re done learning the attack, clean up.

Requirements

• Azure tenant.
• Terafform version 1.0.9 or above.
• Azure CLI.
• Azure User with Owner permissions on Subscription and Global Admin privileges in AAD.

XMGoat is available on GitHub.